M&A is no longer just about revenue, assets, and intellectual property; many organizations are increasingly worried about cybersecurity posture and risk, requiring appropriate diligence.
When organizations merge with or acquire another company, it’s also taking on the cybersecurity posture (good or bad) of that company. In some cases, organizations within an industry filled with regulations and data security standards acquire a company in a completely difference vertical, potentially exposing the acquiring company to risk.
According to security vendor Forescout’s latest research, The Role of Cybersecurity in M&A Diligence, organizations are very aware of the ramifications of cybersecurity as part of a deal, and are taking steps to proactively identify issues before the papers are signed. A vast majority (81%) of organizations are putting more of a focus on a target’s cybersecurity posture than in the past as part of the diligence done.
And a target company’s security stance can often be the difference between signing the papers and calling it off completely. According to the report:
- 53% of organizations encountered a critical cybersecurity issue or incident during an M&A deal that put the deal into jeopardy
- 73% of organizations say a company with an undisclosed data breach is an immediate deal breaker
Even with the focus on doing proper cybersecurity diligence, organizations are having a tough time. With only a little over one-third (36%) or organizations feeling like their IT team had enough time to review their target’s cybersecurity standards, processes and protocols, it’s evident that most organizations don’t do enough to ensure a solid security stance.
When asked what’s the top issue that puts organizations at risk, not surprisingly human error ranked at the top with 51% of organizations.
To avoid issues like these, addressing the top concerns well before being acquired is necessary. Organizations concerned with users as a security issue should look to Security Awareness Training. This training elevates the user’s thinking about organizational security, how they play a role in it, and what they can do on a daily basis to help avoid incidents.
We live in an M&A world, so it’s plausible even your organization could be acquired someday. Putting your user security in the best possible position with Security Awareness Training will help to improve the outcome of any security diligence done, moving M&A activity forward.