Say you’re a looking to grow your company. There are any number of ways you can go about doing this, most popularly organically, through investors, or by acquiring other companies. In the latter situation, you may have different intentions in mind for an acquisition. For instance…
When you’re thinking about this acquisition for these reasons, you’re focused on companies that fit the bill. Once you’ve identified them, you’ll move into your due diligence process.
The common M&A due diligence process focuses on financial and risk assessments – what’s a fair asking price for the company you want to buy given what you unearth about its financial health, and what kind of risk might you be acquiring (pending lawsuits, potential regulatory violations, misconduct or any lack of governance, system health and maintenance, etc.) when you buy them.
But one area of risk that is actually the fastest growing and yet still largely ignored in M&A deals large and small is a company’s cybersecurity integrity.
The risk of a cybersecurity issue could wreak havoc on an acquiring company should it go undetected. Cases in point?
Though these examples feature high-profile brands, given the magnitude of a deal and the average cost of the common due diligence process, any double-digit million dollar acquisition should require a cybersecurity assessment to assure the buyer minimal risk of undue exposure to harm. Commonly, this due diligence process itself – between accountants, consultants, and lawyers – will run several million dollars regardless. In the meantime, cybercrime is estimated to inflict damages totaling $6 trillion USD globally in 2021, an amount equivalent to the world’s third-largest economy after the U.S. and China. At its rate of growth, cybercrime is forecasted to cost the world $10.5 trillion annually by 2025, a 75% increase in just four years.[iii]
So how do the common acquisition intention correlate to cybersecurity?
So how can companies in acquisition mode mitigate all of these challenges? By not failing to conduct a thorough and detailed Security Assessment during their M&A due diligence process. Not conducting one is kind of like buying a new iPhone 12 Pro Max for over $1,000 but not buying a $30 case to protect it. Don’t be penny-wise and pound foolish. Protect your investment upfront.
About Gigit
Gigit has been providing cybersecurity services for over 10 years, long enough to witness the exponential growth in the most egregious corporate cybercrimes. With more threats created by remote and globally distributed workforces, Gigit has helped businesses and federal contractors identify and remediate cybersecurity vulnerabilities. Its team of expert, highly certified professionals (CISSP; OSCE; OSCP; CEH; GXPN), with over 100 combined years of cybersecurity experience among them, lead M&A Security Assessments, Pentesting, Industry, Government, and Data Privacy Compliance initiatives and consulting/advisory services. We work directly with CEOs, CISOs, CFOs, CIOs as well as investment banks, insurance companies, VCs, and M&A attorneys to help protect cybersecurity systems and identify breaches that may impact acquisition deals and the ability of companies to do business with government agencies. Among the beneficiaries of Gigit’s services are brands like Uber, Amazon, Walmart, Kohl’s, Equinix, and Interim Healthcare.