Between breach and detection
Fox-IT’s Romano Herrie and Christian Prickaerts spoke to M&A Magazine about the role of cyber security in mergers and acquisitions (M&A). How can you estimate the cyber security of an acquisition target? And what level of cyber security renders a company ready for sale?
decision makers are becoming increasingly aware of the risks of cyber crime. In addition, compliance requirements are becoming stricter, for example through the introduction of GD-PR. Takeovers are particularly sensitive to cyber crime, because some vulnerabilities are only discovered after the takeover. International research shows that there are on average 100 days between breaches and detection. Many companies often contact us until after an incident. They have not noticed any vulnerability before. This also happens in mergers & acquisitions’’, says Prickaerts.
‘’In the pre-acquisition phase, there is often no time for extensive research’’, says Herrie. In order to make a good risk analysis, it is important to answer a number of key questions regarding the security of an acquisition target. Before you sign as a buyer, you need to have a very good idea of where the company stands and what needs to be done. And, of course, what the necessary measures will cost I the post-acquisition phase’’.
An ideal package of measures concerns not only technology, but also behavior and mindset. ‘’Many companies still struggle with behavior and mindset”’, says Prickaerts. Changing the mindset and behavior of your employees concerning cyber security is a big challenge.