For years, cybersecurity was considered a “check-the-box” discussion during the merger and acquisition (M&A) process. It was almost always examined to ensure there weren’t any glaring issues or major red flags—but there wasn’t a whole lot of care or thought put into it.
But this status quo process is no longer enough. History has shown that a lack of due diligence on cybersecurity during the acquisition process can be devastating to the acquiring organization. Luckily, there are tools available like BitSight Security Ratings for Mergers & Acquisitions that can help you understand the true cybersecurity posture of your acquisition. Below is an information security due diligence checklist, highlighting the four reasons you should consider using BitSight Security Ratings before, during, and after any merger or acquisition.
You likely remember the newsworthy fiasco between Verizon and Yahoo: While Verizon was finalizing a deal to purchase Yahoo, Yahoo disclosed a major data breach. This news impacted the purchase price to the tune of $350 million. A detailed history of security issues at Yahoo emerged even after the deal was finalized.
Companies that conduct thorough due diligence of the security posture of acquisition targets using BitSight Security Ratings review historical security data and can use that information to structure M&A deals. If their acquisition target has a long or constant history of security issues, they may be able to negotiate a lower sale price to counteract potential cyber risks. More importantly, acquiring companies may also be able to help targets improve their cybersecurity posture, thereby reducing the level of risk incurred as a result of the transaction.
While some companies have been breached during a merger or acquisition transaction, others have been breached well after the deal has gone through. A prime example is TripAdvisor’s 2014 purchase of Viator, a tour-booking company. Just a few weeks after the completed transaction, Viator’s payment card service provider announced that unauthorized charges occurred on many of its customers’ credit cards. The breach affected 1.4 million users and led to a four percent drop in TripAdvisor’s stock when the news broke.
BitSight can help here as well. Security Ratings are correlated to the likelihood of a breach, so if the rating of an acquisition target indicates they are at risk for a future cyber attack, that risk is inherited by the acquiring company as part of the deal.
Since acquiring companies inherit the digital footprint of organizations they buy, security and risk departments at both organizations need to have a simple and effective way to collaborate. Here is how BitSight Security Ratings can help with this process:
Today, cybersecurity is a business differentiator, and BitSight customers who have a good Security Rating may use it as a selling point. For example, a highly-rated law firm would be considered more trustworthy. The same idea can be applied to acquisitions. Acquiring a company with a good security posture could be a strategic move, as it could either reinforce or enhance your company’s own security posture and strategy.
Using BitSight Security Ratings to continuously monitor your acquisition before, during, and after an M&A deal is a critical step. Without this deep look at your target’s security posture, you could end up acquiring vulnerabilities that could cause major damage if exploited.
For more information about BitSight Security Ratings for Mergers & Acquisitions, download this free data sheet. It explains why objective measurements are critical in this process, details the data-driven analysis of security performance, and outlines the key benefits of using BitSight.