As many as 50% of organisations in Singapore have encountered a critical cybersecurity issue or incident during a mergers and acquisitions (M&A) deal that put the deal in jeopardy, according to a new study commissioned by Forescout Technologies.
The M&A cybersecurity risk study surveyed more than 2,700 IT and business decision makers across the United States, France, United Kingdom, Germany, Australia, Singapore and India to examine the growing concern of cyber risks and the importance of cyber assessment during M&As and the subsequent integration process.
The research revealed more focus on cybersecurity risk during M&A is needed. According to the survey, cybersecurity is now a top priority with 85% of Singaporean ITDMs and BDMs putting more of a focus on a target’s cybersecurity posture than in the past.
This comes as no surprise, as cybersecurity concerns discovered after consummation of the deal often present costly risks that would have been factored into the deal negotiations and/or may have led to the dissolution of the deal. After closing the acquisition, 65% of respondents have experienced regrets in making the deal due to cybersecurity concerns.
“Traditionally, when acquiring a company, M&A due diligence has been focused on aspects such as finance, legal, business, operations, human resources and IT, among others,” said Wahab Yusoff, VP for Asia at Forescout.
“However, in light of recent breaches, it is clear that organisations considering an acquisition could benefit from greater, dedicated cyber evaluation,” he said.
The IT and cyber landscape has changed dramatically in recent decades, with connectivity becoming increasingly prevalent. All of these factors have greatly complicated the evaluation and decision making process, and has made it a requirement to have new and innovative approaches to manage cyber risks.
“Cybersecurity assessments to have full visibility into all connected devices are therefore a key requisite not only prior to the acquisition, but continually throughout the integration process as well,” Yusoff said.
Findings also show that proper cybersecurity evaluation takes time, but acquisitions often run on fast track; and connected devices and human error put organisations at risk.
Further, cybersecurity issues are prevalent; and internal IT teams may lack the skills to conduct cybersecurity assessments.