HIP

In the process of M&A (merger or acquisition of companies), it is important to carry out the due diligence process, in order to have available the valuation of assets, financial data, projections, brand values, etc.

From a traditional point of view, due diligence has always focused on analyzing the economic and financial situation of the company to be acquired.

What about the concepts of cybersecurity and data protection, and are they taken into account in the Due Diligence process?

In today’s globalized and digitized world, we must also analyze the state of health in cybersecurity along with the analysis at the GDPR level in the case of M&A with European companies since it provides us with a more global vision of the risks of the merger or acquisition and in some cases, can even determine whether the merger or acquisition will be carried out, since when a merger or acquisition is made you are buying their data but also their risks or problems in cybersecurity and regulatory compliance in some cases, therefore, Cybersecurity Due Diligence is necessary.

According to the NYSE Governance Services survey, 85% of CEOs and executives recognize that a cybersecurity breach in a company, an information leak of financial, personal, customer or employee data of a target company can have serious implications in the sale or acquisition transaction. Likewise, 22% of those surveyed determined that it could paralyze the purchase and 52% said that it would reduce the price of the purchase.

At A2SECURE we have conducted cybersecurity and GDPR due diligence projects, given that we know the risks of companies, their weaknesses and how cybercriminals can attack companies and cause their value to decrease.

Or even if the company to be purchased has had a security breach or is susceptible to having a security breach, the value of its assets decreases considerably, due to the risk exposure it has and that the purchasing company is going to have to assume.

The service provided to one of our Cybersecurity & GDPR Due Diligence clients has focused on the sector of the target company, analyzing its threats and the risks to which the company may be subject, in order to provide the acquiring company with all the necessary security and GDPR data of the company to be compared and to have all the cards on the table in the buying and selling process.

This project has been relevant when making decisions since it is necessary to know the current status of the company being purchased from all areas and these include cybersecurity as a key point.