Mergers and acquisitions (M&A) are a regular occurrence in the business world. And while we’re all familiar with the concept of due diligence when it comes to judging the financial performance of another company, it’s time for enterprises to start applying that same level of scrutiny to the cybersecurity capabilities of a potential acquisition. A thorough review of an acquisition’s security architecture, processes and policies should be a firm requirement for any M&A process.
But where should the cybersecurity due diligence process begin? As a CISO, I recommend that companies start by confirming their acquisition target’s past investments in cybersecurity were made in a manner commensurate with the growth of the company. Ask the following:
Due diligence should be maintained throughout the entire M&A process, particularly before information about the activity goes public. While I don’t have specific numbers, I think it’s safe to assume that there have been situations in which a hacker or less-than-scrupulous employee has hacked an enterprise network in search of material information they could exploit for their own financial gain before news of an M&A became public. The fallout of such activity could be extreme, so it’s important that acquirers and those looking to be acquired consider and implement the appropriate cybersecurity controls to ensure proprietary information doesn’t leak.
The constant stream of security breaches in the news has gained the attention of executive leadership and boards of directors, who are now looking to their CSOs/CISOs to minimize their risk exposure when contemplating major business moves like an M&A.
I would encourage my fellow CISOs (or any other executive looking for guidance and recommendations around cybersecurity policy) to visit SecurityRoundtable.org, a community designed to share best practices, use cases and expert advice to help executives better manage cybersecurity risk.