 back to blog

Controlling Cyber-risk in Mergers and Acquisitions

By
Henrik Davidsson
,
Sr. Director for Global Partner Strategy, Programs & Enablement, Vectra
and
|
September 21, 2020
Please note that this is an automated translation. For the most accurate information, refer to the original version in English.

Acquiring a company is a massive undertaking and requires significant amount of planning and ideally flawless execution. Time is of the essence. The quicker an integration materializes, the faster the time to value. On the other hand, being the target of an acquisition also poses a threat to shareholders and company valuation if you do not have your house in order before due diligence or, in the worst case, the months following the acquisition.

In a survey by West Monroe Partners, executives said 52% discovered a cyber problem post deal. And 41% said post-merger integration is their main cyber worry. According to the study, cybersecurity is the No. 1 reason why a company walks away from a deal, and the No. 2 reason for regretting a deal.

More and more organizations are now facing these issues. Today it’s common for merger and acquisition (M&A) agreements to include a clause that the target company might risk up to 30% devaluation if it falls victim to a cyber-breach during the 12-month period after an acquisition. These significantly increase the stakes well beyond the cost of an actual breach and the recovery process.

There are several critical cybersecurity challenges to overcome and manage during an M&A

Merging two companies creates broader attack surface

The potential attack vectors an attacker might leverage increase and leave the networks of both the acquiring and target companies exposed and vulnerable.

Inherited or imported threats

Introducing a new organization into your network can impose a significant threat without visibility into hidden attackers.

Insider threats

During mergers the potential threats from insiders increases for various reasons, concerns, job uncertainty.

Third parties

Business and technical consultants who are commonly employed during M&As can knowingly or unknowingly become pawns in a cyberattack.

The burden on IT and security teams

Throughout the duration of M&As, IT and security teams from the acquiring and target companies are typically spread very thin.

How Vectra can help

In the M&A process, Vectra can be leveraged by the target company to conduct a security assessment as well as by the acquiring company to assess risk and compliance of the target organization. Vectra is also instrumental in accelerating the M&A process using AI-driven threat detection and response for cloud, data center and enterprise environments.

The Cognito Platform from Vectra speeds-up due diligence and integration by automating threat hunting and prioritizing detected threats based on certainty and risk. This enables faster response and mitigation and conclusive incident investigations. Whether it’s an insider threat or an external threat, the Cognito Platform automatically detects malicious behaviors in every phase of the attack lifecycle—command and control, internal reconnaissance, lateral movement, data exfiltration and botnet monetization. Cognito automates manual processes and consolidates thousands of security events and historical context in real-time to pinpoint compromised hosts that pose the biggest risk.

These capabilities are crucial to ensure that cyber threats are not inherited by the acquiring company or the target company, eliminate attack surface vulnerabilities, and accelerate integration as a result of M&A.

Want to learn more?

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.

If you’d like to hear more, contact us and we’ll show you exactly how we do this and what you can do to protect your data. We can also put you in contact with one of our customers to hear directly from them about their experiences with our solution.

Get in touch
CONTACTREQUEST A DEMO