Considering a Merger or Acquisition? Build Cyber Diligence into Your Target Assessment

Guest Column By:

CohnReznick LLP

In today’s digital economy, executives rely heavily on information systems and data stored within those systems to operate their business and make sound corporate decisions. Organizations are dependent on IT assets to create, use, communicate, and store critical and sensitive information, including generating financial statements. Such increased dependence on IT assets and information in electronic form increases an organization’s susceptibility to cybersecurity threats – leaving a business vulnerable to major harm to both its operations and stakeholders in the event of a security breach.

For companies seeking a merger or acquisition, the primary goal of due diligence has traditionally been to investigate the target of an M&A transaction to gain a deeper understanding of the target’s business operations, its financial condition, assets, liabilities, and overall health of the business. However, the heightened reliance on networked infrastructure, systems, and use of emerging technologies adds a necessary layer to the due diligence process – cyber diligence. Also referred to as cybersecurity due diligence, cyber diligence is rapidly becoming an essential component of the overall review process.

The heightened reliance on IT assets and their equal vulnerability to a cybersecurity breach calls for a necessary new component to the due diligence process when preparing for an M&A transaction. Uncovering a target company’s cyber vulnerabilities, the scope of damage that could occur – or has already occurred – as well as evaluating existing cyber defenses implemented by the target company could meaningfully impact how an acquirer values and structures a deal. A successful cyber diligence strategy should be scaled based on the nature, size, and complexity of the acquiring and target companies involved in the transaction.

CohnReznick provides cybersecurity solutions that are dynamic, scalable, and tailored for growth companies. CohnReznick’s security professionals average more than 15 years in the field and hold key certifications. Our professionals have deep experience assisting organizations in implementing and complying with information and cybersecurity requirements using NIST 800-53, ISO 27001, COBIT, CIS, and other leading standards and frameworks. Read our full alert, which further outlines how to build cyber diligence into your target assessment here.