Deloitte Survey: Cybersecurity Concerns Pressure M&A Deals
Cybersecurity is a top concern among organizations engaged in virtual M&A deals during the coronavirus (COVID-19) pandemic, according to the “Future of M&A Trends Survey” of 1,000 executives at U.S. corporations and private equity investor firms conducted by Deloitte.
Key findings from Deloitte’s survey included:
- 51 percent of respondents said cybersecurity threats are their organization’s biggest concern around executing deals virtually.
- 55 percent anticipate virtual dealmaking will be the preferred platform after the pandemic ends.
- 87 percent indicated their organization was able to effectively manage a deal in a virtual environment.
M&A deal activity slowed dramatically during the initial coronavirus outbreaks in Europe and North America, but technology companies have rapidly resumed mergers and acquisitions since around June 2020, according to ChannelE2E deal analysis.
So far, ChannelE2E has tracked more than 400 M&A deals involving technology firms from all types of backgrounds in 2020. Also, MSSP Alert has tracked 16 MSSP mergers and acquisitions so far in 2020.
How to Identify and Measure Cyber Risks in M&A Deals
Cyber threat profiles of prospective targets and portfolio companies can help organizations determine the risks associated with M&A deals, said Deborah Golden, cyber risk and strategic leader for Deloitte Risk & Financial Advisory.
Golden also noted that CISOs must understand how a data breach can negatively impact the valuation and structure of an M&A deal to avoid cybersecurity dangers that can result in brand reputation damage and remediation costs.
Furthermore, a third-party risk management program can help organizations track and measure cyber risks during M&A deals, according to Optiv, a Top 250 MSSP. This program allows organizations to quickly categorize an M&A deal’s risks and ROI.
Bugcrowd Offers Security Tests for M&A Deals
Along with using the aforementioned tips, organizations can perform security tests to analyze the cyber risks associated with M&A deals.
Bugcrowd, a crowdsourced bug bounty and vulnerability disclosure platform provider, in August released M&A Assessment, which consists of a set of security tests designed to help organizations assess cybersecurity vulnerabilities in M&A deals. Organizations can use M&A Assessment to perform an evidence-based evaluation of a merger target’s cybersecurity posture, initiate security tests in 72 hours or less and access results in real-time.
Most organizations are concerned about cybersecurity in virtual M&A deals that take place during the coronavirus (COVID-19) pandemic, a Deloitte survey shows.
Hey Joe – really insightful! Wes Spencer, CISO of Perch Security wrote a very interesting blog called “M&A: Why Can’t Cybersecurity Get No Respect?” https://perchsecurity.com/perch-news/ma-why-cant-cybersecurity-get-no-respect/ on key aspects of M&A with Cyber…
Andrew: Thanks for the note and link. There’s definitely a knowledge gap in the market — especially among smaller MSPs that aren’t sure how to perform cyber due diligence on an acquisition target.
Readers: To be clear — we’re not necessarily referring to cybersecurity acquisitions. Instead, all businesses need to include cyber due diligence in their M&A discussions. Otherwise, you could be acquiring major risks hidden in the assets you gobble up…
Hey Joe – to further back your findings, here’s an article published today on the subject: https://www.helpnetsecurity.com/2020/10/09/virtual-dealmaking/