Cybersecurity is a top concern among organizations engaged in virtual M&A deals during the coronavirus (COVID-19) pandemic, according to the "Future of M&A Trends Survey" of 1,000 executives at U.S. corporations and private equity investor firms conducted by Deloitte.
Key findings from Deloitte's survey included:
- 51 percent of respondents said cybersecurity threats are their organization's biggest concern around executing deals virtually.
- 55 percent anticipate virtual dealmaking will be the preferred platform after the pandemic ends.
- 87 percent indicated their organization was able to effectively manage a deal in a virtual environment.
M&A deal activity slowed dramatically during the initial coronavirus outbreaks in Europe and North America, but technology companies have rapidly resumed mergers and acquisitions since around June 2020, according to ChannelE2E deal analysis.
How to Identify and Measure Cyber Risks in M&A Deals
Cyber threat profiles of prospective targets and portfolio companies can help organizations determine the risks associated with M&A deals, said Deborah Golden, cyber risk and strategic leader for Deloitte Risk & Financial Advisory.
Golden also noted that CISOs must understand how a data breach can negatively impact the valuation and structure of an M&A deal to avoid cybersecurity dangers that can result in brand reputation damage and remediation costs.
Furthermore, a third-party risk management program can help organizations track and measure cyber risks during M&A deals, according to Optiv, a Top 250 MSSP. This program allows organizations to quickly categorize an M&A deal's risks and ROI.
Bugcrowd Offers Security Tests for M&A Deals
Along with using the aforementioned tips, organizations can perform security tests to analyze the cyber risks associated with M&A deals.
Bugcrowd, a crowdsourced bug bounty and vulnerability disclosure platform provider, in August released M&A Assessment, which consists of a set of security tests designed to help organizations assess cybersecurity vulnerabilities in M&A deals. Organizations can use M&A Assessment to perform an evidence-based evaluation of a merger target's cybersecurity posture, initiate security tests in 72 hours or less and access results in real-time.
Most organizations are concerned about cybersecurity in virtual M&A deals that take place during the coronavirus (COVID-19) pandemic, a Deloitte survey shows.