Latest News

Cybersecurity assessments need to play a greater role in M&A due diligence, say experts

Cybersecurity issues threaten more than half of merger and acquisition (M&A) deals, a new study has revealed.

The finding forms part of Forescout Technologies’ new cybersecurity risk survey, which looks into the role of cybersecurity in M&A due diligence.

In total, some 53 per cent of senior decision makers report their organisation encountering a “critical” cybersecurity issue or incident during M&A negotiations which put the deal at risk. The majority of these related to undisclosed data breaches, with 73 per cent of respondents agreeing that a concealed data leak is an “immediate deal breaker”.

Likewise, respondents said cybersecurity concerns discovered after completion of a deal would have been factored into the cost of the transaction, or would have led to the dissolution of the deal, had they been found earlier.

However, the research – which surveyed more than 2,700 business leaders across the UK, the US, Europe and Asia – also reveals that only 36 per cent of respondents “strongly agree” that their IT teams are given adequate time to review a target’s cybersecurity standards.

This indicates that discovering cybersecurity issues after completion of a deal may be a self-made problem, as senior decision makers race to get the deal across the line.

Worryingly, however, just 37 per cent of respondents “strongly agree” that their IT team have the skills necessary to conduct a cybersecurity assessment for an acquisition. Due to this, businesses often rely on incomplete cybersecurity audits or rely on expensive outside talent.

Commenting on the study, Julie Cullivan, chief technology and people officer at Forescout, said: “M&A activity can be a game-changing moment in a company’s history, but recent breaches shine the spotlight on cybersecurity issues and make one thing abundantly clear: you don’t just acquire a company, but you also acquire its cybersecurity posture and a potential trojan horse.

“Cybersecurity assessments need to play a greater role in M&A due diligence to avoid ‘buying a breach.’ It’s nearly impossible to assess every asset before signing a deal, but it’s important to perform cyber due diligence prior to the acquisition and continually throughout the integration process.”

Share this article:Email this to someone
Share on Facebook
Tweet about this on Twitter
Share on LinkedIn
The following two tabs change content below.
John Morgan

John Morgan

Senior Associate – Corporate / Commercial at Mander Hadley Solicitors
A law graduate of Warwick University, I trained and qualified as a solicitor in London in 1977 before spending several years in the Middle East where I acted on major corporate, commercial and banking transactions, many with an international aspect.

Make an enquiry

What is your name?*

What is your post code?

What is your phone number?

What is your email address?*

I confirm that I am aged 16 years or over.*

Brief message

*Mandatory fields

I am happy to receive promotional information and news from Mander Hadley.

If you would like to see full details of our data practices please visit our Privacy Notice and if you have any questions please email