The Role of Cybersecurity in M&A Diligence

KEY FINDINGS

• Cybersecurity issues are prevalent and can put a deal into jeopardy: Over half of respondents (53%) report their organization has encountered a critical cybersecurity issue or incident during an M&A deal that put the deal into jeopardy.
• Organizations are placing more focus on a target’s cybersecurity posture than they did previously: Eighty-one percent of ITDMs and BDMs agree that they are putting more of a focus on a target’s cybersecurity posture than in the past, highlighting that cyber is a top priority for both IT and business decision makers.
• An undisclosed data breach is a deal breaker for most companies: Seventy-three percent of respondents agreed that a company with an undisclosed data breach is an immediate deal breaker in their company’s M&A strategy.
• Decision makers sometimes feel they don’t get enough time to perform a cyber evaluation: Only 36% of respondents strongly agree that their IT team is given time to review the company’s cybersecurity standards, processes and protocols before their company acquires another company.
• Internal IT teams may lack the skills to conduct cybersecurity assessments: Among ITDMs, only 37% strongly agree that their IT team has the skills necessary to conduct a cybersecurity assessment for an acquisition.
• Organizations allocate third party resources to their cybersecurity assessments: Nearly all respondents (97%) reported that their organizations spend money on outside contractors for IT audits or cybersecurity risk assessments.
• Connected devices and human error put organizations at risk: When asked what makes organizations most at risk during the information and technology process, two answers stood out: human error and configuration weakness (51%) and connected devices (50%).
• Devices often get overlooked and missed during integration: Over half (53%) of ITDMs say they find unaccounted for devices after completing the integration of a new acquisition.
• Failure to address cyber risk can lead to major acquisition regrets: Nearly two-thirds of respondents (65%) said their companies experienced regrets in making an M&A deal due to cybersecurity concerns.