Challenges of cybersecurity due diligence in the acquisition process

Acquirers are increasingly aware of the need for vigorous cybersecurity due diligence in M&A, yet often lack the proper personnel to conduct thorough analyses, according to a new study by West Monroe Partners and Mergermarket. As the importance of big data and IT rises across sectors, cybersecurity has become a vital area to assess at deal targets.

77 percent of respondents said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result. Vulnerable security systems can also indicate poor risk management at a company.

“In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients,” said Matt Sondag, Managing Director at West Monroe Partners. “When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue.”

Key findings

• 80 percent of respondents said that cybersecurity issues have become highly important in the M&A due diligence process.
• 70 percent of respondents said compliance problems are one of the most common types of cybersecurity issues uncovered during due diligence, while 40 percent said a lack of comprehensive security architecture is also common.
• More than a third (40 percent) of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.