Epic Changes in the M&A Due Diligence Processes

Historically, M&A due diligence processes were focused on the legal, financial, accounting / tax, and overall business environments, with very limited attention allocated to the IT realm. The IT aspects include:

  • Maintenance;
  • Upgrades;
  • Software Licensing; and
  •  Migration / Integration costs.

Due diligence requires a new set of players at the table. Over the past decade – the focus was on information, data, and connectivity. The new player is the cyber security specialist, who can mitigate the exposures of attempting to couple multiple environments into one interlinked environment.

In comparing today’s market to past markets, M&A transactions increased exponentially; furthermore, these transactions:


  • Must happen more quickly;
  • Are more complex;
  • Must address the global economy and its restricted security; and
  • Must address the complexities of technology / cyber security.

The challenges associated with cyber security are geometrically greater than those of the past decade – even five years ago.

The vast majority (+70%) of M&A transactions never reach the projected synergies. Now we have to add the complexities of integrating cyber security as it pertains to data, voice, applications, networks, and mobile solutions.

The cyber security risks associated with M&A due diligence are higher now than ever before. The expertise required is extremely unique. Too many players are trying to dabble in this space at the perils of the acquiring entities.

Companies must be proactive in comprehensively exploring their cyber security, especially in M&A transactions where unknown technologies will become interfaced with one of your most precious assets – information. Do not be the ostrich with its head in the sand. Be proactive and select a PROVEN team that specializes in investigate forensics and cyber security.

How serious is this cyber security situation? Let’s look at some pertinent statistics:

  • 76% of all breaches involved exploited or weak credentials;
  • 69% of all breaches were spotted by external parties;
  • Average annualized cost of cyber crime per company - $11.6 million per year, with a range of $1.3 million to $58 million;
  • 50% were insider sabotage – taking advantage of old accounts or back doors;
  • 66% of all breaches took months, if not years, to discover;
  • 60 % of small businesses will close within months after a cyber attack; and
  • 71 % of data breaches occurred in businesses with < 100 employees.
“There are two types of companies in the US; those that have been hacked by the Chinese and those that don’t yet know they have been hacked by the Chinese.” (FBI Director James Comey)