Organization’s cyber security can have an effect on acquisition, says report

There are three common reasons cyber security has to be among the top priorities for the C-suite: To maintain confidence of partners, customers and investors. Loss of confidence by any of those groups could undermine corporate revenues.

A new report suggests there’s another reason: To keep up the value of the company for a possible merger or acquisition.

“Virtually all acquirers must implement a rigorous diligence process when considering M&A targets,” says the report by West Monroe Partners, a U.S.-based business and technology consulting firm. “The nature of cyber threats is also changing constantly, requiring a nimble approach to due diligence.”

How big an issue is it? According to a survey of  30 senior executives at corporate and private equity firms that frequently conduct M&A transactions 80 per cent said cybersecurity issues are highly important in doing due diligence on potential deals. The other 20 per cent who said they are somewhat important.

Just over three quarters said said the importance of cybersecurity in potential deals had increased significantly over the last 24 months.

These numbers reflect the rapid growth of risks related to cybercrime and the growing number of costly data breaches, says the report.

It quotes the director of M&A at an unnamed technology firm that completes more than 10 acquisitions a year, who said that “information collected through data security diligence plays the most important part in deciding the future course of the deal. We operate in an industry where data security is of utmost importance and therefore any breach or intrusion could permanently harm the company’s image and operations.”

The obvious worry is the cost fixing security problems or covering damages for previous breaches in the company being acquired, in addition to integrating two security architectures. More than a third of respondents said they are highly concerned about the occurrence of frequent or recent data breaches in a company being looked at.

Thirty-seven percent of respondents said they especially worried about threats to customer data, while 33 per cent said threats to business data concerned them.

On the other hand, the report acknowledges that how competently a company responded to a breach could add to its value.

How thorough will the examination be? The report says a proper due diligence should look at the full gamut of risks: breach history, specific data threats, problems for integration, and the cost of potential fixes.

The report says the kind of red flags respondents have found when they do examinations include lack of comprehensive data security architecture, vulnerability to insider threats, inadequate security on mobile devices, vulnerable local server storage, lack of data security team, weak encryption/ security by vendors, vulnerable cloud storage and weak employee password policy.

Would your organization stand up to that kind of examination?

The report also notes that the target company may have clear grades in many of these categories but a lack of good governance in the form of written policies and procedures could be a warning sign.

One last point: cybersecurity issues alone aren’t a deal-breaker, most respondents admitted. However, they could affect the value, or whether an offer is made at all.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now