Madan Mohan
Cyber due diligence is a process often associated with mergers and acquisitions (M&A). It involves evaluating and assessing the cyber risks and threat landscape of a target company before it is acquired or before the acquirer makes an investment.
According to a survey conducted by Donnelley Financial Solutions/Mergermarket.com, when evaluating cybersecurity threats at an M&A target, the potential for theft of data or intellectual property (IP) was the greatest concern, along with damage to the company’s reputation and legal liabilities. The survey also noted that 52% of M&A targets had data security issues in the past 24 months, mostly in the consumer and e-commerce industry sectors.
It is vital for the buyer to fully understand both the value of the information assets they are looking to acquire and the level of cyber threat and vulnerability facing the target company. The buyer must also be able to determine the potential financial impact of the company’s cybersecurity preparedness, or lack thereof, on the deal price. It is essential that organisations either have their in-house cybersecurity teams perform cyber due diligence reviews or hire external consultants before going ahead with the final transaction during the M&A process.
Once the importance of evaluating the target’s cybersecurity posture is understood, the conversation should quickly move from “why” to “what”. Based on our experience, we have listed below a few cyber risks that companies face either before or after M&A:
We have listed below some of the key areas to be considered as part of the cyber due diligence process: