Cyber Security Mergers & Acquisitions
There may not be such a thing as a typical merger or acquisition, however, whatever the size, scope, geography or sector, there are common elements that should be considered when it comes to cyber security.
A cyber security due diligence workstream primarily identifies and quantifies the risks and liabilities in support of the deal and any subsequent integration. Technical in nature, it is highly focused and is designed to give stakeholders an understanding of any material exposure requiring action either pre or post-close.
A full report and read-out will typically be the core means to capture the distilled information and insights along with at least one interim review. However, it is imperative that a deal team receives timely reports of major issues that could have a significant impact on the deal. As such, cyber security due diligence is often tightly coupled with regular touch points outside of formal reporting.
While not the primary goal, the findings from this type of due diligence can and do influence whether a deal should actually proceed and at what price.
This paper will cover the risks, opportunities and responsibilities associated with cyber security due diligence during the mergers and acquisition (M&A) process. It highlights key questions that should be asked and provides high-level considerations and recommendations for various business functions involved in the due diligence process.
The authors have advised on cyber security in pre and post-close due diligence on more than 100 deals over the last ten years, with transactions ranging in size from a few million through to multi-billions of pounds. The total value of the deals that NCC Group has provided due diligence on during this period is more than £100bn, and of those we have advised on, 98 per cent have completed successfully.
To download the NCC Group’s Mergers & Acquisition White Paper please click here