Connect with us

Top Stories

THE ROLE OF CYBERSECURITY DUE DILIGENCE AS AN M&A PRIORITY

THE ROLE OF CYBERSECURITY DUE DILIGENCE AS AN M&A PRIORITY

By Shawn Henry, CSO CrowdStrike

Last year alone, M&A activity reached fever pitch, with the global market valued at over $4 trillion – its highest since 2007. If 2016 follows suit, we’re looking at over 18,000 M&A events to occur this year, many of which may be “megadeals” exceeding $50B.  Furthermore, it’s not just the global market that is booming, with the UK tipped as the top European target for inbound deals from emerging markets.

With this market opportunity reaching staggering heights, no company can afford to take on a partner organisation without exploring all the areas of risk involved. This involves much more than just the traditional financial calculations. Whether it’s a large company acquiring a niche business that sits outside of current client offerings, or a smaller company partnering with another organisation to expand its footprint, businesses must prioritise security.

When organisations make an acquisition, they are essentially investing in the intellectual property and R&D of the proposed partner organisation. Typically, there are few individuals on the buyer side who truly understand the network systems they’re about to purchase, which contain valuable IP. The integrity of this data must be assessed prior to an acquisition – and the team assessing it must be able to provide a level of scrutiny that ensures all areas are fully evaluated, diagnosed and proven secure. Currently this isn’t a process that is routinely adhered to because companies lack clarity on what exactly they should be looking for, prior to a deal being finalised.

It’s like buying a first home – typically the biggest personal investment an individual ever makes. When you are house hunting, you don’t do it without some kind of guidance from an estate agent or a property manager who asks the important questions. M&A activity is no different, as it involves a significant business investment. You wouldn’t make a home purchase without an inspection or without the guidance of a reputable source, so why would you accept less vigilance when it comes to your business? Being able to fully vet a target company’s systems, data, and environment in order to assess and protect the valuable assets being acquired is essential.

Determining a partner’s security profile begins with knowing what questions to ask. For starters, are there any vulnerabilities in the partner organisation that could be exploited to access your systems? And, how secure will the data be during the integration process? Has their network been compromised before and what are the security risks posed by merging both environments? Ultimately the assessment a business undertakes prior to any activity should aim to determine whether an organisation has the same level of security controls in place and meets their existing standards, even without absorbing their technological resources.

Working with a third party throughout this process can help businesses to explore these critical security questions and prevent the introduction of any unnecessary risk. This involves undertaking a comprehensive assessment to identify the gaps in security posture, examine security documentation, review IT processes, and conduct interviews with key staff to understand where cyber security falls on their list of priorities. By doing so, the business can paint a full picture of what’s being acquired, the intrusion detection controls in place and the current employee mindset on security.  It also helps to determine what precautionary technical measures the business should take in terms of network-based monitoring for example, which helps provide visibility into potentially malicious traffic entering and exiting the networks.

Ultimately, the nominal cost of being proactive and predictive about security saves significant time and money in the long run.  It’s always harder and more expensive to react to something than preventing it from happening in the first place. The best protection method is having a team on hand to provide recommendations on how to prioritise resources based on the actual risk, create an implementation plan of effective detection measures, and have a comprehensive security strategy to actually prevent damage.

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Recommended

Newsletters with Secrets & Analysis. Subscribe Now