Mergers and Acquisitions- big things happening in the world of business. M&As have yielded wonderful results and have even resulted in the genesis of some of the most successful of business firms.
Well, let’s look at another aspect of the M&A process. Typically seen as a mere boardroom thing, there are other aspects of M&A as well. Any M&A process is obviously followed by a rapid expansion of customer base and a big increase in revenues. This naturally would have security risks associated with the M&A process. But sadly, many companies tend to neglect this critical aspect of the M&A process and finally end up being victims to security attacks.
Some findings made by West Monroe regarding M&A and cybersecurity are notable. In July 2018, West Monroe had published a report which stated that cybersecurity issues in M&A continue to show a growing trend. The report, which surveyed dealmakers for three consecutive years (2016, 2017 and 2018) and focused on how dealmakers view and manage cybersecurity risks, stated that more and more dealmakers are discovering a cybersecurity problem after a deal has closed. The figure in 2016, as per the report, is 40%; in 2017 it was 52% and in 2018 it rose to 58%. The report states- “In 2017, corporate buyers indicated a higher sensitivity to cybersecurity issues and cited cybersecurity as the No. 1 reason they abandoned a software deal.” The report also states, “In 2018, 21% of corporate buyers indicated cybersecurity vulnerabilities or undisclosed breaches were the biggest oversight in their most recent healthcare acquisition.” West Monroe had also reported earlier that the top three reasons that lead to the failure of deals are security concerns (23%), financial and tax issues (23%), and problems with compliance (18%). The main worry, in the post-merger scenario, was often related to security.
Thus, when it comes to M&As, companies need to stress on the need for increased transparency and also on the importance of proper security awareness between the IT/security professionals and the C-suite.
So, what’s to be done?
The solutions are simple. Whenever an M&A process is being initiated, organizations must make a proper assessment of the security of the companies with whom they are merging or whom they are acquiring. Yes, this is of utmost importance, as important as assessing the financials, brand presence and such other factors. It’s always advisable to bring in a security team or get some experienced professional involved, evaluate the security policies and protocols of the company that’s being taken over or with which the merger is happening. Major aspects, like endpoint protection, the effectiveness of the firewall software and other security software, network security etc need to be evaluated. The security team must also look into the potential risks the internally developed products of the company (which is being acquired) could cause.
During any M&A process, the acquiring company must focus on doing damage control. On all fronts. Proper security policies and practices must be a priority and security should be at the forefront of all discussions that are part of the M&A process. Don’t just focus on the profit margins, focus on the security aspect as well. That’s most important.