“The Top Five Reasons a Security Assessment is Needed for M&A Due Diligence” — Advisor Perspectives, April 5, 2022.
In an Advisor Perspectives guest article, Brian Edelman, FCI CEO & Cybersecurity Expert, details leading reasons for firms to execute a Security Assessment for best Merger and Acquisition (M&A) outcome. There’s a lot at stake during M&A transactions. Security Assessment is critical for discovery of cybersecurity risk prior to contract; undisclosed or breach information can change the financial performance of a deal.
- Fully understand breach history within your target company, how breaches have been handled, and what actions have been put in place. Buyers take on the reputational risk of the seller in an acquisition.
- Disposition of IT and security needs to be clear upfront during M&A transitions with access granted to all controls.
- Create a holding or acquired group where you keep records, files, and logs separate from the parent company until full evaluations and security status are up to par.
- Buying companies shouldn’t try to fix security issues before acquiring. Let the situation determine valuation, then fix the issues if you move forward.
- Attestations used to be enough when regulations were introduced. Now, firms must be able to demonstrate compliance — explore logs, evidence, and more in a security assessment before a deal happens.
Advisor Perspectives, April 5, 2022