Marriott announced on 9 July that the UK Information Commissioner intends to fine it £99m. This relates to a cyber attack on a subsidiary, which started before it was acquired by Marriott. The ICO criticised the due diligence that was undertaken at the time of the acquisition.
As discussed at our recent M&A Perspectives Forum, a recent survey showed that 95% of large businesses consider cyber risk a high priority. This is not, however, always reflected in their approach to M&A. The Marriott fine has therefore brought cyber and data risks in M&A into even sharper focus.