In today’s world, businesses face constant threats to their data and digital assets. This threat level is heightened during the M&A process. Everyday we see stories in the media ( ie Marriott Breach ) regarding an M&A deal that went wrong because either the proper cyber security assessments were not conducted, or the results were ignored when they were performed.
How should responsible businesses respond to these threats? The days of burying your head in the sand and hoping that everything will work out are long behind us and smart businesses know that they must utilize cyber due diligence in order to protect their digital assets and have a comprehensive disclosure schedule.
Let’s take this in three steps:
- Before The M&A Transaction
- During The Integration Phase
- After Integration
1. Before The M&A Transaction
So what is the first step that today’s smart business leaders should take to protect themselves and their companies? To begin with, companies need to identify and protect key digital assets of the target company. This should be at the heart of any deal.
For example, is data leaking? Is malware within the system? Due diligence is all about CyberSecurity Assessments being incorporated into the disclosure schedule. You must have good information in order to make informed decisions regarding digital assets.
Demand is so high for this type of service, we put together an entire service package for it: M&A Due Diligence. This service package comes with an executive summary, risk assessment report and the all important dollar-quantified risk report that is very useful in the decision making process.
After all, if you don’t know what is going on behind the scenes, you risk closing the deal with nothing more than your fingers crossed. It’s always a good idea to get a cybersecurity risk assessment on any deal where the target has 10 million or higher in revenue.
2. During The Integration Phase
Integration is the key to long term success once the deal has been negotiated. The acquirer and the target company must continually be assessed during the merger process as any company going through a transition becomes a target for hackers.
Continued cybersecurity assessments must also be performed, and any irregularities must be identified and remediated to ensure a smooth cyber transition for both companies in order to have success in the long term.
3. After Integration
Closing on a M&A deal without a comprehensive cybersecurity risk assessment is a due diligence mistake, and one that can be fatal to long term success of the merger. Critical digital assets must be identified and protected. Anything short of this has the potential for significant liability. Companies must have an cyber emergency response plan in place, because it’s not if a breach will occur in the future, but when.
* Takes three weeks
* Performed remotely
* Starts less than 10K
* Documentation reviewed
* Takes four Weeks
* Performed Onsite
* Includes interviews
* Performed on third party
* Takes five weeks
* Performed onsite
* Dollar quantified results