Don’t Acquire a Company Until You Evaluate Its Data Security
The new issue of Harvard Business Review has an article by Chirantan Chatterjee and D. Daniel Sokol. It begins:
When Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500 million Starwood customers, is a perfect example of what we call a “data lemon” — a concept drawn from economist George Akerlof’s work on information asymmetries and the “lemons” problem. Akerlof’s insight was that a buyer does not know the quality of a product being offered by a seller, so the buyer risks purchasing a lemon — think of cars.
Read more on HBR.