If you’re not thinking about cybersecurity in connection with fintech, consider for a moment the impact of the Yahoo! data breaches on the Verizon-Yahoo! acquisition.
As reported this morning (WSJ, paywall), Yahoo! and Verizon agreed to revise downward the purchase price for their deal by a little more than 7%, from $4.83 billion to $4.48 billion. When you calculate in the legal fees for revising the deal, the related pending SEC matters, and the potential for follow-on civil litigation, it’s likely that the Yahoo! breach will probably cost shareholders somewhere in the neighborhood of $400 million. (And that’s not even counting the state-level breach notifications.)
For entrepreneurs considering whether to address cybersecurity in early stage companies, let alone more mature ventures, the Yahoo! breaches represent a cautionary tale. But for fintech startups facing elevated regulatory burdens imposed by regulators of financial institutions, I think it’s fair to say that failure to address cybersecurity may determine whether their company survives at all. Small wonder, then, that cybersecurity startups were until recently on the leading edge of venture funding rounds.
In light of the amendments to the Yahoo! deal, I think we can expect an even tighter focus on cybersecurity for consumer-focused fintech startups. Expect venture capitalists and private equity firms to shift more resources in due diligence to cybersecurity audits, as well as risk-shifting provisions that put more of the onus upon fintech companies to keep their noses clean. Above all, however, expect earn-out fees to be held in escrow subject to a lack of post-closing breaches.
FinTechLaw.IO 