More Questions Over Yahoo’s Value Following Biggest Hack Revelation

Fortune reports that Verizon will seek to reduce its purchase price for Yahoo following the recent disclosure of a 2013 hack which compromised one million Yahoo accounts. The Yahoo data breach is said to be the largest ever disclosed.

Verizon originally agreed to buy Yahoo’s core internet business in July, for a price of USD4.8bn. Some questioned if that price was generous, even though Yahoo had once been valued at over USD100bn. Subsequent revelations about cyberattacks on Yahoo show us the dangers of valuing a business that is built upon data and customer relationships when it can be impossible for an outside firm to establish if it has been successfully hacked.

Last month I argued that the cover-up of a breach could do more harm than the breach itself. Not all investors would agree, but I would prefer to back a management team that admits to an attack and seeks to immediately reverse the harm that is done, compared to executives who protect the company’s supposed value by pretending security has not been circumvented and the business has suffered no damage. The former managers have a reason to promptly fix the flaws in their security; the latter do not. Maintaining a valuation by keeping investors ignorant of the company’s problems is another way of inflating the difference between the market value of a corporation and its true worth.

Modern business is built on trust, but increasingly the valuation of firms like Yahoo make me think that optimism and gullibility is being confused with trust. Yahoo is currently worth a fraction of the price it once could supposedly command. If Verizon could step away from their acquisition deal, it is doubtful that there would be many other suitors willing to pay such a price for Yahoo. That gives Verizon a negotiating advantage, but also begs a question. Whilst Yahoo generates almost USD5bn a year in revenues, would you want them to handle your data? If increasingly tech-saavy users find ways to avoid connecting to unreliable internet businesses then revenues and valuations could rapidly fall further.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.