Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


New Security Assessment Practice Determines Readiness for Safe Integration and Identifies Cyber Risks to Consider During M&A Transactions

CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and incident response services, announced today that it is offering a new cyber risk assessment program aimed at businesses that conduct mergers and acquisitions (M&A).  The CrowdStrike Services’ “M&A Cyber Risk Assessment” program allows organisations to quantify risk in an area not traditionally considered in the M&A process – cyber risk. This program provides risk management, specifically geared to identifying and minimising exposure to cybersecurity threats before and during the company integration process.

CrowdStrike’s assessment methodology uncovers cyber risks associated with the following scenarios, among others, that are common during a merger or an acquisition:

  • The value of the prospective partner’s business may be materially reduced if its network has been compromised and its intellectual property has been stolen and exploited by cyber adversaries—your competitors.
  • An acquiring company may inherit massive liabilities if the prospective partner’s environment has been breached and customer data has been pilfered.
  • The risk of adversaries gaining access to your business-critical systems is introduced by merging your network and IT systems with a partner organisation that has cyber vulnerabilities. A significant investment may be required to bring the partner organisation’s security controls up to an acceptable level.
  • The company being acquired could lack the level of cybersecurity maturity that matches the acquiring organisation’s current security strategy, which can introduce unintended vulnerabilities. This captures cybersecurity risks that may materialise in the future without efforts to modify corporate culture and education.
  • The acquiring company may also already be compromised or have vulnerabilities that can be exploited to gain access to their network and sensitive data. This captures the cybersecurity risk associated with infecting the new environment being integrated.
  • Companies that engage in divestitures, selling assets or spinning off business units are also engaged with any number of third parties as part of the process, which may leave sensitive information vulnerable to theft at numerous junctures.

“The premise behind the CrowdStrike Services M&A Cyber Risk Assessment program is simple: You would never purchase a house without an inspection, so why would you invest millions of dollars in a business without properly assessing its cyber security posture?” said Shawn Henry, president of CrowdStrike Services and chief security officer. “Any merger or acquisition scenario poses significant risks given the investment and brand implications, along with the future of both companies involved. Vetting the cybersecurity readiness of the involved parties – including third-party organisations like law firms and financial services – should be a standard element of M&A or investment activity, particularly when it involves the integration of networks.”

“If an acquirer does not conduct comprehensive due diligence, at best they may find themselves investing unexpected, unbudgeted, and significant money to improve the weak data security of an acquisition,” said David Zetoony, chair of Bryan Cave LLP’s Data Privacy and Security Practice.  “At worst they may find that they have inherited a data security breach, or have exposed their own networks as part of integration to a data security breach. You can never be sure about the security of a target’s system, but quantitative independent and objective analysis of a potential target provides far more certainty than asking sellers to complete written questionnaires that only reflect their own knowledge and understanding.”

Before the M&A process begins, CrowdStrike evaluates the client and third-party environments for signs of current or past compromise by deploying Falcon Host to gain further visibility into endpoint activity in near real-time. Falcon Forensics Collector is also used to gather system metadata and artifacts for analysis, and network-based monitoring tools are applied to information egress points to gain visibility into potentially malicious traffic entering and exiting the networks. Finally, as part of the Cybersecurity Maturity Assessment framework, Crowdstrike is able to draw upon a rich data set to provide a unique perspective in the form of a zero to five scale that generates a more detailed picture of an organisation’s cybersecurity capabilities in comparison to organisations of a similar size and industry. Combined, CrowdStrike searches data from host systems for evidence of attacker activity and then collects, analyses and creates a report of findings focusing on indicators of compromise related to known attacker tools.

Click here to find more information about the new CrowdStrike Mergers and Acquisitions Cyber Risk Cyber Risk Assessment Program.

The CrowdStrike Elevate Partner Program offers businesses and organisations the ability to integrate various CrowdStrike products and services into their offerings, including the M&A Cyber Risk Assessment.