Digital Business

Safeguarding your assets: Data loss prevention in divestitures

Jun 17, 2024
Data loss prevention in divestitures Data loss prevention in divestitures

Guest contribution by Sami Ramachandran (Sr. Director, IT M&A, Divestiture & Private Equity, Zscaler) & Shamsul Hussain (Senior Manager - M&A/Divestitures, Zscaler)

Glance at any business news publication today and the headlines are chock-full of corporate divestitures involving big names like TikTok, Goldman Sachs, and countless others. In tech, history points to some success stories, such as IBM's divestiture of its PC business almost two decades ago. Spin offs and divestitures are also the answer to M&As that go south, such as when one of the largest media mergers ever ended when Time Warner spun off AOL in 2009. 

While they’re strategic maneuvers to streamline operations, unlock growth, and optimize portfolios, divestitures come with a big challenge lurking within the complexities of separation: protecting crown jewels and confidential data.

Sensitive information – customer data, trade secrets, financial records – becomes vulnerable during a breakup, demanding robust defense. This is where data loss prevention (DLP) steps in, safeguarding assets and ensuring a smooth, secure divestiture journey. DLP is a comprehensive set of tools and processes designed to identify, classify, and protect sensitive data throughout its lifecycle. These tools need to be primed and ready during a divestiture, a window of vulnerability for sensitive data.

Why DLP is crucial during divestiture

With assets and personnel shifting hands, the potential for accidental or malicious data leaks increases significantly. For example, consumer-health company Kenvue saw a surge in scams targeting employees around the time of its separation from Johnson & Johnson in 2023.  Opportunistic hackers swooped in during Kenvue’s separation. According to the Wall Street Journal (reg. required), there was a 200% to 300% increase in attempted scams targeting Kenvue employees on their work and private devices and on WhatsApp. 

To defend against a potential onslaught of the type Kenvue faced during a time of vulnerability, you can use data loss prevention tools to: 

  1. Protect confidential information: Safeguard sensitive data during separation, minimizing exposure and risk.
  2. Ensure compliance: Maintain adherence to data privacy regulations, avoiding hefty fines and reputational damage.
  3. Minimize reputational harm: Preventing data breaches and leaks that can erode customer trust and brand reputation.
  4. Facilitating smooth transitions: Enabling secure transfer of relevant data to the new entity while protecting confidential information of the remaining business.

Implications of data leaks in divestiture

Ignoring data security during divestiture can have far-reaching consequences. The U.S. Securities and Exchange Commission finalized new cybersecurity disclosure rules in 2023 to improve investor transparency over cybersecurity risks and the actual cybersecurity incidents impacting their investments. Under the new disclosure rules, SEC registrants are required to make a disclosure within 4-business days once a cybersecurity incident is deemed by the company to be material to a reasonable investor. Below are three categories of a data loss fallout: 

  1. Financial Losses & Legal Repercussions: Regulatory fines and penalties for noncompliance, lawsuits, and compensation costs can drain resources and impact financial stability. In Europe a GDPR violation can cost up to €20 million. 
  2. Operational Disruption: Reputational damage and loss of customer trust can disrupt operations and hinder future growth. IBM Security found that reputation loss can lead to $1.52 million in lost business, and IDC reported that 80% of consumers in developed nations will defect from a business if their information is compromised in a security breach.
  3. Competitive Disadvantage: Leaked information can give competitors an unfair advantage and compromise strategic plans. 

Build a robust DLP strategy for divestiture

Here are key steps to implement a successful DLP strategy:

"Data loss protection"

 

There are many capabilities and criteria to consider in a solution that can support your strategy. Here’s why more organizations are choosing Zscaler DLP over alternatives: 

  1. Unified Platform: A cloud-based platform that eliminates the need for fragmented solutions, simplifying your security landscape.
  2. Automated Data Discovery: Machine learning capabilities that quickly and accurately identify sensitive data, saving time and resources.
  3. Granular Policy Enforcement: Flexible policies that control data access, encryption, and prevention based on user roles, data types, and destinations, crucial for protecting confidential information during separation.
  4. Zero Trust Exchange Integration: Logical isolation of divested assets and zero trust access to applications under TSAs, enhancing security and minimizing disruption
  5. Pre-built Compliance Templates: Ensuring divestitures remain compliant with GDPR, HIPAA, and other regulations, reducing fines and legal risks.

In the high-stakes world of divestitures, neglecting data security is a gamble with significant risks. By proactively implementing a robust DLP strategy powered by Zscaler solutions, companies can protect their most valuable assets, navigate the separation process with confidence, and pave the way for a secure and successful future. Remember, data loss prevention is not just an option; it's a strategic imperative for any divestiture.

What to read next 

Talking mergers, acquisitions, and divestitures with TCS  

How Zero Trust can accelerate your M&A strategy in 2024

Merger & acquisition integration: How a zero trust exchange accelerates time to value