M&A transactions: Cybersecurity - the underestimated danger

Whether it's an acquisition or a spin-off of company shares, one crucial factor is often disregarded in such business deals: corporate IT security.

Mergers & Acquisitions
Was IT security also put under the microscope in this M&A deal? © depositphotos, SergeyNivens

 

When a mergers & acquisitions (M&A) deal is pending, the due diligence process examines the economic, legal, tax and financial circumstances of a company in detail. But what is often underestimated: The examination of IT security should be given just as much importance. Cyber risks can drastically reduce the market value of a company and even be the reason for the failure of a merger.

If customer data is not adequately protected, data leaks not only cause lasting damage to companies' reputations, but also to their assets. Facebook, for example, lost more than $50 billion on the stock market after the Cambridge Analytica data scandal.

It should also not be underestimated that after the new data protection regulation comes into force in May 2018, significant fines can be expected in the event of a breach of the guidelines.

M&A transactions can be triggers for cyber attacks

Once the transaction has been successfully completed after intensive risk assessment, however, information security remains a critical issue, namely when merging companies' IT infrastructures.

When a company is acquired, hundreds, possibly thousands, of new devices from a wide variety of manufacturers are added to the existing architecture - the result is a complex, confusing network that presents Chief Information Security Officers (CISO) with a whole new set of challenges. Any security vulnerabilities that may have arisen must be identified and remediated immediately.

The same is true for divestment - when integrated IT systems are separated, completely unknown threats can come to light. The separation process can take months, even years. It is therefore essential to develop a holistic security strategy for the transition phase.

Protection through firewalls, network security and vulnerability management are essential

No matter what stage the company is currently in: In order to successfully defend against cyber attacks and make optimal use of resources, it needs an automated solution. The assessment of cyber risks must not be based on the subjective perceptions of various employees, but rather through the implementation of strict security rules.

A network model that visualizes the existing architecture helps to immediately identify and combat threats as well as vulnerabilities. Changes to the network structure should be tested beforehand in a virtual environment to save time and costs. Cyber attacks can also be simulated in such a network model to test the effectiveness of security protocols and firewalls.

CISOs and CFOs cannot address the issue of cyber risks in M&A early enough. They should be on board from the beginning, because an early focus on and investment in IT security creates the basis for a successful business combination without open security edges.

Jörg von der Heydt, Channel Director DACH at Skybox Security

 

(Visited 68 times, 1 visits today)
h2> More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link