Cyber threat flash points
Mergers and acquisitions
Corporate transactions that change your IT infrastructure and processes can create gaps in information security systems, polices, procedures and safeguards.
Mergers and acquisitions also often come with headcount reductions, activating many highly-motivated disgruntled ex-employees familiar with their organizations’ systems, processes and security measures.
A recent proposed acquisition of a technology company by a foreign organization had to be postponed indefinitely when it came under governmental scrutiny. There were concerns that certain software used by the foreign organization would expose the technology company, and potentially the wider country, to unacceptable cyber risks.
Questions to ask:
- How secure is the data about this transaction? Could unauthorized persons access this sensitive information?
- Does the merger or acquisition change our threat posture and introduce new potential threats?
- If we are acquiring IP, have we potentially imported a cyber-vulnerability or a new cyber target?
- Are we conducting due diligence into the cybersecurity effectiveness and cyber risk profile of our target?
- Do our new employees understand the cyber culture of our organization?
- Will the transaction be subject to governmental cyber concerns?