Cyber Risk Profile of a Merger or Acquisition

Companies often use mergers and acquisitions to expand their market share and increase profitability. To appropriately assess a potential target, acquiring companies regularly dedicate time and resources to identify risks and quantify the target company’s value.A company’s cyber risk is not commonly considered a factor in pre-acquisition assessments, nor does an organization’s Information Security team frequently play an active role in this process. Due to these gaps, acquiring companies have identified incidents both during and after an acquisition deal has closed. These late discoveries resulted in millions of dollars in lost revenue and or breaches affecting millions of customers. Advancements within the Information Security industry have enabled the collection of open-source information through tools and standardized reconnaissance methodologies. Based on these accomplishments, research must be conducted to determine how this information can be used to calculate a company’s cyber risk without the benefits of internal visibility.