Risk management concerns are rife throughout a merger or acquisition process, but it is important never to neglect cyber security issues during this time. High profile CIO and CISO cyber security attacks in the past year alone have kept this issue relevant on the negotiating table. West Monroe Partners and Mergemarket released survey data revealing that 77% of acquirers value cyber security at M&A targets more than they did two years ago.
Cyber Security by the Numbers
Further findings of this research demonstrated that 40% of respondents faced cyber security issues after a deal was closed. To make matters worse, 32% of those surveyed reported that in the face of a cyber security threat, they lack the expertise to address related issues.
Most commonly reported were compliance or due diligence issues (noted by 70% of respondents), with a lack of qualified cyber security employees as another major problem (reported by 32% of those surveyed).
How Cyber Security Issues Impact Mergers and Acquisitions
It is undeniable that cyber security knowledge and the skills to prevent, detect, and address breaches are highly valuable — and woefully rare. When laying the groundwork for an acquisition or merger, these issues and the capacity of a company to address them are sure to be evaluated.
The merger process is not the time to first audit or examine a business’s cyber security blind spots. A deficient cyber security team may wind up being a deal breaker.
To stay current and protected, some companies conduct third-party risk assessments. This has long been standard practice in the business world, but may be unfamiliar to even the most innovative tech company.
It is now the responsibility of a CIO or CISO to describe their compliance standards and assessment process. If a company takes or processes payments, PCI compliance is absolutely essential. What’s more, mergers can be held up for months due to cyber security concerns that are being addressed — but not expressed clearly.
Training and evaluating a cyber security team before a merger or acquisition process begins is the surest way to guarantee that cyber security issues do not derail the negotiation process.