Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Cybersecurity Lapses Can Derail the M&A Train
Ask most executives and board directors about the top risks associated with mergers and acquisitions (M&A), and they’ll likely list concerns such as overpaying for an acquired company, assimilating disparate cultures, an inability to achieve projected synergies, the integration process, and so on. What executives and directors are less likely to mention is one of today’s greatest threats to M&A success: cybersecurity.
An increasing number of deals are being abandoned or revalued due to cybersecurity issues, and most of those involve organizations that are performing appropriate due diligence and discovering breaches and other cybersecurity issues before closing the deal. In cases where such due diligence is not being performed, or being performed in a perfunctory manner, we also see headlines about after-the-fact cybersecurity issues triggering compliance violations and enormous unplanned remediation costs. These situations quickly turn good deals into bad, and could lead to liability issues for directors and officers.
It is not surprising to see post-deal cybersecurity problems. According to the most recent FireEye M-Trends report, it takes an average of 101 days for companies in any stage of their life cycle to discover a data breach. If a breach remains undiscovered throughout the M&A process, the buying company could be unknowingly acquiring a damaged asset. Or, if an adversary has penetrated either the buyer or the target company’s network, the “uncompromised” party in the deal stands to be attacked through the other company once their networks are joined.
In cases where there is not an active adversary on either network during the deal, if one party is not effectively managing its own cybersecurity risk, it will open the other party to those risks, or to compliance gaps, once the deal is closed and integration activities begin. Finally, if the intellectual property of the acquired company has been compromised, the company valuation and sustainability could be negatively impacted.
To mitigate security risk during M&A, boards should work with their management teams to ensure that cybersecurity experts are brought into the due diligence process early, and preferably before deal value is set. This is the only way the acquiring company can get a clear picture of the real and potential risks to deal value that the acquisition target may introduce through its security gaps and any active intrusion. Not every security consultant has experience conducting M&A due diligence, so selecting the right partner is critically important.
Here are some key cybersecurity steps the board of every acquiring company should ask the management team to take before and during the M&A process:
Businesses have been slow to embrace cybersecurity as a top-tier risk not only for M&A, but for business operations in general. Recent headlines underscore that failure to make cybersecurity a focal point of due diligence can turn even the best-looking deal ugly overnight. The board can do its part to ensure the deal’s success.
A version of this article originally appeared in the July/August 2019 issue of NACD Directorship magazine.
Let us know what you need, and we will have an Optiv professional contact you shortly.