One of the things that gets lost in all of the heady due-diligence action of a merger or acquisition is the impact of the union on cybersecurity. In an effort to help organizations discover and mitigate risks which can heavily influence the value of an acquisition, Primitive Logic and AsTech Consulting have launched the Merger & Acquisition (M&A) Tech and Security Due Diligence Partnership.
As Verizon’s recent delay of its Yahoo! transaction in the wake of a shockingly large data breach demonstrates, companies are waking up to the downsides of poor security profiles on the part of acquired companies—but there’s a long way to go. This launch is meant to give more organizations and investment advisors access to qualified IT and cybersecurity experts that can help uncover hidden issues to more accurately guide valuations throughout M&A negotiations.
“Hidden IT complexities and cybersecurity vulnerabilities in software and network infrastructure pose great risks to successful mergers and acquisitions. However, assessing these aspects of target companies [has] been traditionally ignored during the M&A due diligence process, but that is no longer feasible,” said Andrew McDonnell, president, AsTech Consulting.
M&A is on the rise; according to Deloitte, 75% of surveyed organizations will be in discussion or actively involved in M&A activities in 2017. However, the nature of M&A itself poses technical, security and privacy risks that must be identified and understood before the transactions are completed, during the integrations process and even after completion of the transaction. Additionally, what constitutes “due diligence” is changing. Where once it predominantly comprised assessment of the financials, channels and partnerships, it must now expand to include technical and security evaluations of intellectual property, networks and processes.
There are many risks—it’s critical to assess the details of how a company is run technically, how that company is protected from a cybersecurity and privacy perspective, and what unknowns might affect product or technical integration success. A focused technical and cybersecurity “deep dive” can uncover any vulnerabilities in platform or system architecture, overlooked or unanticipated complexities with integration, and security weaknesses or breaches—all of which can potentially cost companies millions of dollars in remediation and have a material impact on the deal.
“This strategic partnership combines years of experience, skill and knowledge in the key areas often overlooked in the M&A due diligence process—enterprise architecture, systems integration and cyber security—and brings them to the forefront,” said Jill Reber, CEO, Primitive Logic. “We have been implementing and integrating complex large scale systems for over 30 years, so we understand how costly it can be to overlook potential technology pitfalls in a merger or acquisition process. Our resources can quickly find and size potential risk areas to inform you about the information you need to know.”