Merger and Acquisition deals were found to be particularly vulnerable to reductions in value, and even collapse in the final stages, because cyber risk is not being adequately factored in.
The survey by Freshfields Bruckhaus Deringer law firm said there was 'a worrying level of complacency towards the assessment of cyber risks during M&A deals, despite increasing awareness of the cyber security risks facing businesses'.
Cyber attacks are a growing risk to businesses across the world. A breach by hacktivists, state-sponsored agents, organised crime cartels or company insiders has the potential to disrupt operations, damage brands and erode corporate value.
Some 90 per cent of 214 deal-makers who took part in the survey thought cyber breaches would result in a reduction in deal value, and four out of five thought a deal could be dropped altogether if cyber security breaches came to light during corporate due diligence or mid-transaction.
However, despite their appreciation of the significance of cyber threats, the same number of respondents admitted cyber security was not a risk they currently analysed in-depth or factored in during the deal due diligence process. This was largely attributed to cyber security being a relatively new area that buyers struggle to understand how to tackle.
At the top of the list of concerns in this field, deal-makers feared their targets could suffer cyber-attacks during M&A discussions; particularly where the target had been compromised previously, through data or intellectual property theft.
Other concerns included finding a target had not handled a past breach effectively, where company records showed they had attracted fines or had suffered a damaged reputation.
Buyers were found to be more concerned about such threats scuppering a deal than sellers, with one in three purchasing companies saying that identifying cyber threats during due diligence could derail a takeover, compared to the over 80 per cent of sellers who said they were unconcerned or slightly concerned about cyber risks.
There was a gulf between North America and Europe in terms of the importance given to conducting cyber due diligence, especially considering respondents from the former outnumbered the latter nearly three to one. The survey showed cyber security has become a key part of half of all due diligence conducted in the US in the last year, compared to under 40 per cent in Europe.
But nearly everyone surveyed could agree that the threats posed by cyber attacks are growing, with 82 per cent of deal-makers saying cyber-attack risk will change deal processes over the next 18 months.
