• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Crucial Point LLC

Accelerating Technology

  • About Crucial Point
    • About Bob Gourley
    • Announcements
    • Corporate Events
    • Press
    • CTOvision
      • Go Pro!
  • Contact Us
  • Services
    • Technology Due Diligence
    • CTO Advisory Services
    • Compliance and Cybersecurity
    • CTO-as-a-Service
    • CISO-as-a-Service
    • Corporate Events
  • Crucial Point Clients
  • Cybersecurity Best Practices
    • Cybersecurity Best Practices
    • Cybersecurity At Home
    • Health Insurance Portability and Accountability Act (HIPAA) Security Rule Compliance
    • The FFIEC Cybersecurity Assessment Tool Can Be Used To Raise Your Security Posture
    • Companies Who Interact With European Citizens Must Check Architecture For Compliance With New Data Rules

Technology Due Diligence for Mergers and Acquisitions Now Requires Cybersecurity Assessment

Home » Announcements » Announcements » Technology Due Diligence for Mergers and Acquisitions Now Requires Cybersecurity Assessment

Historically due diligence assessments before Mergers & Acquisition (M&A) transactions have focused on traditional risk areas that could pose a significant financial risk, like issues of tax, employment, compliance with regulatory environments, intellectual property protection, and of course contracts. Now that technology is a part of every firm’s business model things have changed. Cybersecurity has become part of every M&A due diligence.

Crucial Point has extensive past performance in cybersecurity assessments on both side of M&A transactions. We have helped acquiring firms better understand the digital risks and security posture faced by the firm they are going to acquire, and we have helped firms that want to be in a better position to be acquired ensure they have taken prudent steps to reduce their digital risks.

If you are on the buy side of an M&A deal, you will want to make sure your cybersecurity due diligence delivers the information you need. This includes:

  • Information that may point to not yet revealed cybersecurity problems
  • Estimates of the cost to remediate cybersecurity issues
  • Information on the risk due to cybersecurity issues, including quantification if possible, since it could impact decisions on whether to consummate the deal or negotiate down the purchase price
  • Indications of compliance problems
  • Understanding of security frameworks/approaches
  • Understanding of the security architecture
  • Awareness of breaches and how they have been responded to

If you are on the sell side of an M&A the information above should motivate you to focus on your security posture. Other considerations include:

  • Does your entire executive team understand their role in cybersecurity?
  • Do you have strong governance (policy, process, leadership) that supports your security compliance requirements (which may well include, for example, the Gramm-Leach-Bliley Act (GLBA), FFIEC, FINRA, FISMA, HIPAA, HITECH, Fair Credit Reporting Act (FCRA), and others
  • Do you have an up to date, actionable cybersecurity policy? Do you have an incident response plan? Do you have a privacy policy that is actionable and applied?
  • What is the status of your technical defenses?
  • Have you had appropriate independent verification and validation of your approach to cybersecurity?

Whether you are on the buy side or the sell side of an acquisition, we recommend you start with a cybersecurity assessment to cover all aspects of cybersecurity people, process and technology.

For more information see Crucial Point LLC Technology Due Diligence services.

Filed Under: Announcements, Best Practices, CTO as a Service, Cybersecurity, Technology Due Diligence

Primary Sidebar

Our Latest

OODA LLC: Put our team of experts on your side

Crucial Point is now part of OODA LLC. OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and … [Read More...] about OODA LLC: Put our team of experts on your side