It’s time to put the diligence into your M&A due diligence

Rick Holland

The headlines resulting from the Target/Fazio Mechanical Services and T-Mobile/Experian breaches have raised awareness of third-party risks. Unfortunately, awareness doesn’t equal a security control, and organizations must make a deliberate effort to pull their heads out of the sand and get better visibility into the risks they face.

Mergers and acquisitions (M&A) risk is a critical subset of broader third-party risk. According to Deloitte, global M&A activity reached record-breaking deal values in 2015 at over $4 trillion, with the resulting deals expected to add $1.5 to $1.9 trillion in value to these companies. In 2016, high levels of M&A activity are expected to continue.

While M&A can certainly add value, it can also detract from it. In 2011, Hewlett-Packard acquired British software maker Autonomy for $11.1 billion in what could be considered one of the worst corporate deals ever. HP had to write down $8.8 billion as a result of “serious accounting improprieties” that due diligence failed to uncover.

The Autonomy example illustrates the potential financial risks of M&A, but what are the cyber risks of M&A activity? From the exploitation of financial markets to the theft of intellectual property, the M&A process provides significant opportunities for threat actors. In one public example, the US Securities and Exchange Commission launched an investigation into the criminal activities of a threat actor group identified as FIN4, which was suspected of targeting public companies that provide M&A services, including investor relations, legal counsel and investment banking.

To gain visibility into the risks associated with M&A and what you can do about them, you must first understand the M&A process (see Figure 1).

Figure 1: The M&A Process

Due diligence is a discrete stage in the M&A process, but to better understand the risks, diligence must occur during all the stages. Proper due diligence must include a better understanding of both the acquirer’s and acquiree’s digital footprints.
