A security executive from consultancy firm KPMG emphasized the importance of asking the hard questions during due diligence in mergers and acquisitions.
KPMG service leader for Information Protection Greg Bell said in a recent report that an audit of the cybersecurity measures in place in the target company, and determining whether these measures are the ones needed to secure company operations and information are important during the said process.
“In mergers and acquisitions, due diligence needs to serve as an offensive strategy that includes a rigorous cybersecurity assessment, to make sure the buyer gets the value it’s paying for. And, before pursuing a divestiture or sale, the seller can also examine its own cyber practices to help reduce time and costs, avoid surprises and sweeten the deal,” Bell stressed.
Moreover, at KPMG Deal Advisory’s Information Technology lead Micky Houston said that the audit should not only consider current risk, but should also assess systems for future danger.
“Demonstrating rigorous cybersecurity preparation is a sign of the company’s maturity and instills confidence in buyers — making the company more marketable and delivering more value to the buyer,” Bell also noted. “The purpose of due diligence has always been to decrease risk for both parties involved in the transaction process, identify value creation strategies that will increase returns, and ultimately, help quantify overall value.”