Mergers and acquisitions (M&As) are great ways to accelerate growth in industries, but they also pose a huge challenge, with increasing risks in cybersecurity rearing its ugly head. Businesses see cybersecurity issues as major flashpoints in hampering a deal or decreasing its value.
Cybersecurity experts agree, and a huge part of this is endpoint security. A cybersecurity risk survey on M&As found that 63% of IT decision-makers surveyed agreed that there is a wide range of cybersecurity risks for mergers. More than half of them note that during any M&A, they find Internet of Things and operational technology devices unaccounted for before the integration. The staggering amount of data put at risk by these endpoint security issues can not only disrupt the merger but also undermine the growth expected from the integration. Considering that 70% of breaches originate from them, endpoint security should be at the core of M&As. Here’s how:
Understand the cyber risks
M&As are particularly vulnerable to cyber attacks, and knowing the full scope of risks across both companies is key to making the deal go through. Never assume that the company you’re acquiring or merging with has inherent endpoint security. When Verizon acquired Yahoo, it sought almost a billion-dollar discount because of the massive data breaches it discovered from the tech giant. While the discovery of the breach and the cover-up almost killed the deal, it gave Verizon an advantage instead of a cybersecurity bust.
Do cyber due diligence
Risk profiling entails not only ensuring security and visibility across the company and endpoints, it also means navigating through specific risks and policies. The threat and regulatory landscape can vary by region, especially in this post-GDPR world. Ensuring compliance in internal and external endpoint security protocols is a necessary part of M&A due diligence.
Integrate with caution
Organizations need to be ready to work with two IT systems temporarily, at least until the integration has been completed. This entails operating with redundancies and maintaining multiple systems, but it pays to be precise. In Security Boulevard’s assessment of the Marriot breach after it merged with Starwood, it highlighted how it only takes a weak link for a breach to happen. The multimillion-dollar breach could’ve been prevented if the companies hadn’t rushed through the merger. The success of any merger hinges on the full understanding of the management systems and the technologies each organization utilizes.
Hire experts and consultants
Similar to how organizations entrust their M&A process to business professionals, firms undergoing the process can benefit from hiring cybersecurity professionals. The risk M&As pose to organizations and digital assets require consultants who are specialized in these situations. Maryville University’s recent evaluation of the cybersecurity industry notes how it is growing three times faster than any other IT role. From 2013 to 2019 the demand for experts in this industry doubled, and a huge segment of this growing industry are experts specializing in integrating systems and endpoint security protocols. With so much expertise available, there is no excuse for a company not having good cybersecurity defenses when heading into a M&A.
The overriding goal of M&As is enhancing a competitive advantage and increasing long-term performance. Being proactive in deploying endpoint security systems means going beyond the technical aspects of cybersecurity. The human aspect must be factored in too. Around 50% of compromised data is because of the users. Make sure that employees are aligned with the new integrated system. Using a centralized management system and data loss prevention solution helps in continuously streamlining the endpoint security of newly merged firms.
When companies come out victorious in mitigating cybersecurity risks in M&As, two potential advantages arise: the first being the lessons learned in navigating the M&A process, and the second being the ability to integrate IT systems. Both will prove valuable for the next big merger.
Whether you are buying or selling, the value of your deal is in the data and I.P. so, protect IT with Armarius Software for the next merger and acquisition.
By Jenice Bergh