July 2018 | Report

Cybersecurity Issues in M&A Continue to Grow

Every sector is vulnerable to cybersecurity risks. We surveyed executives about how they view and manage cybersecurity risks. Here’s what we found.

The reality of the modern business environment is that every sector is vulnerable to cybersecurity risks. For three consecutive years, we’ve surveyed dealmakers about how they view and manage cybersecurity risks. Here’s what we found. 

More and more dealmakers are discovering a cybersecurity problem after a deal has closed.


It’s no wonder that dissatisfaction with cybersecurity due diligence is growing.

And it’s making them think twice about going through with a deal. In 2017, corporate buyers indicated a higher sensitivity to cybersecurity issues and cited cybersecurity as the No. 1 reason they abandoned a software deal. 

Among the comments we heard from those who were polled: 

“We carried out one deal in a rush. We wanted to get it done soon and didn’t focus on the software or the risks in integrating the software. Because of this, we faced a lot of risks from hackers and had to take our systems offline. Managing the whole buying process was not easy.” - CEO, American corporation 

“There were deals that were too good to be true, and once we started the due diligence process we realized that the companies had a lot of issues. They had underdeveloped cyber-risk systems and a lot of financial problems.” To make matters worse, says the executive, “The management was also not very easy to work with.” - Chief Strategy Officer of a German Corporation

“We have also faced problems from cyber threats when developing cybersecurity systems was too costly.” - CEO, U.K.-based corporation 

“During the integration process we come across problems that we need to manage. Cybersecurity glitches are very common. But our team is very quick on the uptake and keeps looking for these problems. The team deals with them before they become a problem for the company.” - CEO, Swedish corporation 

In 2018, 21% of corporate buyers indicated cybersecurity vulnerabilities or undisclosed breaches were the biggest oversight in their most recent healthcare acquisition. 

Among the comments we heard from those who were polled:

“We did have to conduct additional due diligence on cybersecurity until we got everything right. We needed to commit additional resources to the process as well as revamp our methods, as we were not satisfied with the initial results.” - CFO at a medical data and software company 

“The most prominent attacks on healthcare institutions have been from ransomware, so of course we don’t want to be a victim of this due to a weak cybersecurity system. Another priority is that users of our systems be made aware of how to recognize such attacks and what they can do to prevent them from spreading to connected systems.” - CFO at a healthcare facility management company 

Cybersecurity issues post-close are inevitable. Prompt and thorough remediation is critical. In 2018, these were the main issues uncovered post-close:
