Evaluating cyber risks in M&A due diligence

Author

Liberty Advisor Group

Evaluating potential cybersecurity risks in Mergers & Acquisitions

Not long ago, due diligence around mergers and acquisitions focused primarily on financial performance and product pipelines. Today, vulnerability to cyber threats is a key element in this process – as Yahoo found when two massive cyber attacks led Verizon to reduce its purchase price for the Internet company by $350 million.

Now that all companies rely on interconnected digital data and IT systems, infrastructure security has a real impact on the value of the company to a purchaser -in terms of the cost of upgrading to more secure hardware, and of potential damage to stock price and brand equity from previous, ongoing or potential cyber-attacks. According to an IBM study, the average global cost of a data breach is close to $4m – and this is before reputational damage is taken into account.

Quantifying cybersecurity risks requires a clear measure of the likelihood and severity of a cyber attack, broken down by attack type and potential financial losses. There is also a need for threat risk quantification to assess financial impact by asset type, and for benchmarking to allow comparisons within a particular industry sector and historically.

Without appropriate cyber due diligence, “the acquirer in an M&A transaction is at risk of buying the cyber vulnerability of the target company and assuming the damage and liability from incidents it suffers,” writes the American Bar Association. The acquirer may not understand the potentially devalued nature of the assets it is buying, nor the size of liabilities it may take on.

In an innovative approach to measuring the cybersecurity threats of an individual company from an attacker’s point of view, Liberty Advisor Group uses proprietary data algorithms to assess a company’s risk cluster, technology vulnerabilities, and third-party exposure in comparison to all other companies. With this new rating standard, a higher number the more likely an attacker can exploit a technology’s vulnerabilities. This tool can also evaluate vendors, applications, and technologies, to enable business leaders to focus on areas that pose the greatest enterprise risk.

Our proprietary algorithm was built using machine learning and industry expertise to analyze any public and private companies. This can provide a direct, real-time comparison of their relative risks. For example, Marriott’s threat score indicated that an attack was imminent – and could potentially have saved them large sums of money while protecting brand reputation and customer trust.

For more on our Mergers & Acquisitions offerings click here.

Author

Liberty Advisor Group

Add insights to your inbox

Get the latest in leadership news delivered straight to your inbox with our weekly newsletter.

Subscribe Today

Recent Insights

See More Insights

Recent Insights

group photo of liberty employees

Liberty Advisor Group named to Best Workplaces in Chicago™ in 2023 by Great Place to Work and Fortune Magazine

Read More
graphic for SOC2 audit exam

Liberty Advisor Group Successfully Completes SOC 2 Type 2 Audit Examination

Read More
15 year anniversary graphic for liberty

Celebrating 15 Years – Liberty Advisor Group

Read More
lightbulb that looks like a brain

GenAI and You – Why You Need a Data Maturity Assessment

Read More
budget dice

IT Budgeting: The Importance of Getting It Right Each Year

Read More
man on laptop placing blocks with dollar signs

Aligning IT Strategic Plans to IT Budgets

Read More
magnifying glass on table

14 Types of Data Analysis to Optimize IT

Read More
piggy bank and papers balancing on a fulcrum

The IT Budgeting Cycle

Read More
3D holographic bar graph

Forecasting IT Budgets

Read More
disheveled arrows that become orderly

Importance of Aligning IT Budgets with the Organization’s Strategic Objectives

Read More

View More Insights