According to a survey by Forescout, the cyber security firm, 53% of respondents said their organisation has encountered a critical cyber security issue or incident during an M&A deal that put the deal into jeopardy.
After closing an acquisition, 65% experienced buyers’ remorse, regretting the deal due to cyber security concerns.
“M&A activity can be a game-changing moment in a company’s history, but recent breaches shine the spotlight on cyber security issues and make one thing abundantly clear: you don’t just acquire a company, but you also acquire its cyber security posture and a potential trojan horse,” said Julie Cullivan, chief technology and people officer, Forescout. “Cyber security assessments need to play a greater role in M&A due diligence to avoid ‘buying a breach.’ It’s nearly impossible to assess every asset before signing a deal, but it’s important to perform cyber due diligence prior to the acquisition and continually throughout the integration process.”
CIOs need a seat at the table during the M&A process
The digital M&A deal trend is likely to continue over the next year as UK businesses increasingly look to buy-in the latest digital technologies and talent, but CIOs need to be involved in discussions at a much earlier stage
Forescout’s report, The Role of Cybersecurity in M&A Diligence, which is based on a total of 2,779 respondents of IT decision makers and business decision makers across industries from the US, France, UK, Germany, Australia, Singapore and India, also found that while proper cyber security evaluation takes time, acquisitions often run on fast track. Only 36% of respondents strongly agree that their IT team is given adequate time to review a targets’ cybersecurity standards, processes and protocols before completing an acquisition.
Furthermore, just 37% of respondents strongly agree that their IT team has the skills necessary to conduct a cyber security assessment for an acquisition.
“Acquiring a company without proper cyber security due diligence is like buying a used car and taking the seller’s word it is in good condition,” said Joe Cardamone, senior information security analyst and NA privacy officer, Haworth. “A company should not automatically trust the hygiene of IT assets. It’s critical to have full visibility into all connected devices and determine whether they are patched, configured properly, and free of malware.”
The importance of AI in mergers and acquisitions