Cybersecurity Due Diligence Is Critical

The 2015 security breach of major insurer Anthem, which left an estimated 80 million customer records exposed, and the compromise of the information of 157,000 customers of British firm TalkTalk, are just two out of many examples of serious high profile cyberattacks that have spurred concerns over the security of corporate information and demonstrated that every sector is vulnerable to cyber threats.

In response to the growing cybersecurity challenges facing corporate mergers and acquisitions (M&A), West Monroe Partners, a Chicago based management and technology consulting firm, recently released a report providing insight into the complexities and challenges of cybersecurity due diligence in the acquisition process.

West Monroe Partners commissioned Mergermarket, a New York based media company, to interview a number of North America-based senior M&A practitioners, including corporate executives and private equity partners.

The 28 page report, “Testing the Defenses: Cybersecurity Due Diligence in M&A,” revealed that the potential costs of cybersecurity problems are enormous. In 2015, the Identity Theft Resource Center reported 781 data breaches at companies in the United States, with the average cost of a data breach being $3.79 million, according to a survey commissioned by the International Business Machines Corporation (IBM).

Fortunately, acquirers are starting to take note. Over three-quarters of respondents said that significant data breaches and associated costs over the past two years have prompted more attention to the cybersecurity of M&A targets. For example, the practice of investigating cybersecurity practices of the other business before a key merger is becoming increasingly important for corporations.

“When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue. In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients.” Said West Monroe’s Managing Director Matt Sondag.

However, more than a third of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.

The report also found that in the majority of cases, cybersecurity issues alone are not enough to cause a buyer to abandon an acquisition with 77 percent of respondents saying that they have never walked away from a deal for that reason.

The study’s findings led to five main findings:

  • Cybersecurity diligence is no longer optional.
  • Knowledgeable personnel are key.
  • Good governance trumps bells and whistles.
  • Be practical when assessing risks.
  • Remember to implement deal protections.

Good governance is a crucial aspect of a cybersecurity strategy and must include ongoing review and renewal of best practices. Even with the most cutting-edge technology, an organization without effective security governance is not equipped to protect itself against cyberattacks.
 
“In reality, it doesn’t matter how many tools you have and how good or bad they are if you’re not actively managing the use of them and constantly adjusting your security program,” said West Monroe’s Senior Data Security Architect Paul Cotter.

HSToday

 

« Easy: Hackers Take Down A Hospital
What Makes A Data Scientist? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Nouveau

Nouveau

Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

Mediatech

Mediatech

Mediatech, specialized in managed Cybersecurity and Cloud services, a single point of contact for your company's IT and infrastructure.

AI Security Institute (AISI)

AI Security Institute (AISI)

The AI Security Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.