Role of Security assessment in Mergers and acquisitions (M&A)

July 2, 2019

Due diligence Review (DDR) is critically important component in the M&A process, be it financial numbers or legal/ regulatory obligations with big monetary stakes.  Amidst all these, cyber security continues to be ignored or not even considered during such a M&A.

Look at the M&A deal of Yahoo -Verizon wherein the whole deal was cut short of millions of dollars, due to ignoring the cybersecurity review which was never even considered. Yahoo accounts had been breached and attackers stole personal data for all users. Due to this negligence of cybersecurity, it took a beating in the deal. Limiting such due diligence to a company’s IT systems rather than treating cybersecurity as a risk category in its own right means ignoring the serious risks that cyber threats create to all or any firms and to M&A deals involving them. Also, organizations going into any M&A deal must see the fact, not only they acquire the company, but also acquire the cyber security posture of it.

Cyber security assessments have a great role to play in M&A due diligence to avoid a security vulnerability or a breach. The deal value of M&A is estimated to be at a global value of $2.51 trillion.

To have a good M&A deal going, organizations must look into:

  • Information security risk factors must be considered a top priority
  • Does the nonheritable network have important risk, vulnerabilities, privileged users or folks with surreptitious body privileges?
  • Companies should be ready to see, in real-time, a holistic view of Identity within the acquired network, whether cloud, on premise, or hybrid.
  • Understanding of normal, suspicious and risky user behaviour: who is accessing what, when, where and with what devices.
  • Companies should review areas of risk that may be proactively cleaned up, notably the weak passwords, stale accounts, and privileged users.

A new study by Forescout Technologies indicates the role of Cybersecurity may be vital in a M&A due diligence.  Further the study states that most of the organizations do not provide enough time to evaluate all the security standards before the acquisition process.

Many organizations have been exposed to cybersecurity issues which puts the M&A deal into jeopardy. No one wants to buy a breach, and it is critical to perform cyber security assessment thoroughly prior to any acquisition. “Never trust, Always Verify” being the new Mantra nowadays will solve many problems in the M&A process. With security breaches soaring in the world, conducting a strict cybersecurity assessment will provide a smoother M&A process with No regrets.

Related Articles

Why Privilege Access Management Matters?

Why Privilege Access Management Matters? When it comes to Privilege Access Management. The first thing that pops up in my mind is a vault. Simply put, Privilege access management is the gateway to the most valuable digital assets in an organization. But before diving...

Cyber Security in Construction

Cyber Security in Construction Irrespective of the nature of business cyber-attack is quite common and a nightmare to any organization. The breach of sensitive personal data of an organization is making headlines quite often. Recently, Architectural and Construction...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter

Unleash more of your potential with weekly updates, tailored for your team.