Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
The headlines resulting from the Target/Fazio Mechanical Services and T-Mobile/Experian breaches have raised the awareness around third-party risks. Unfortunately, awareness doesn’t equal a security control and organizations must make a deliberate effort to pull their heads out of the sand and get better visibility into the risks they face.
Mergers and acquisitions (M&A) risk is a critical subset of broader third-party risk. According to Deloitte, global (M&A) activity reached record-breaking deal values in 2015 at over $4 trillion, with the resulting deals expected to add $1.5 to $1.9 trillion in value to these companies. In 2016, high levels of M&A activity are expected to continue.
While M&A can certainly add value, it can also detract from value as well. In 2011 Hewlett-Packard acquired British software maker Autonomy for $11.1 billion in what could be considered one of the worst corporate deals ever. HP had to write down $8.8 billion as a result of “serious accounting improprieties” that due diligence failed to uncover.
The Autonomy example illustrates the potential financial risks of M&A, but what are the cyber risks of M&A activity? From the exploitation of financial markets, to the theft of intellectual property, the M&A process provides significant opportunities for threat actors. In one public example, US Security and Exchange commission launched an investigation into the criminal activities of a threat actor group identified as FIN4 who was suspected of targeting public companies that provide M&A series including investor relations, legal counsel and investment banking.
In order to gain visibility into M&A risks associated and what you can do about them, you must first understand the M&A process (See Figure 1).
Figure 1: The M&A Process
Due diligence is a discrete stage in the M&A process, but in order to better under stand the risks, diligence must occur during all the stages. Proper due diligence must include having a better understanding of both the acquirer and acquiree’s digital footprints.