According to a survey conducted on IT and business decision makers, 65% regretted acquiring a company because of cybersecurity problems. If your business is planning to merge with another business or acquire a new business, then cybersecurity is one thing that you should take into consideration. Marriott-Starwood merger is a great example why.
When Marriot acquired Sherwood’s hotels, they did not know that they had acquired new hotel brands that were affected by data breach. Due to that data breach, data of 500 million customers was hacked before the deal was finalized. After the acquisition, CIOs are put under immense pressure to accelerate integration without realizing the consequences it could have for your company. Your IT department might pursue the process at a slower pace because of complexity but they are making sure that the integration process moves smoothly without disrupting your business operations.
In this article, you will learn about five critical cybersecurity processes every business must implement before finalizing the merger and acquisition deal.
1. Due Diligence Is Key to Success
The first thing you need to do is start cybersecurity due diligence before you do anything else. Analyze the company you are about to acquire or merge with from the security perspective. If the prospective company has security vulnerabilities and higher risk of data breach, then you should renegotiate the sales price.
That is exactly what Verizon did when they set out to buy Yahoo. Verizon cut the price by $350 million when they identified two data breaches. In fact, this can be a deal breaker for many businesses and might deter them from acquiring the affected business. Hire a third-party auditor and ask them to conduct a cybersecurity assessment and perform device audits. Understanding the risk posture is also critical. A company’s risk posture refers to its approach to secure their sensitive data from internal and external threats. Everything from planning to implementation, management to remediation all fall under the risk posture.
2. Collaborate from the Beginning
When merger and acquisition is complete and deal is closed, it is time to focus on the integration aspect of merger and acquisition process. Thanks to cloud-based tools, some of these tasks and subtasks are completed quickly. If you start the integration process from the very beginning, it will reduce the burden on your IT team, CIO and new team members. Start collaborating with your teammates and streamline your work processes.
3. Look Integration from Infrastructure and Access Standpoint
Yes, it might be a little difficult for many to take a step back and start looking at things from a infrastructure, security and access control standpoint. When you start to see a business from an infrastructure, and access control perspective, you can unearth hidden sources of risks that might go unnoticed. This is very important in order to make sure both organizations align with one another. Technical integration might take a long time, but you should be patient and should not try to speed up this process as it can lead to new risks.
Here are some of the biggest risks you might have to deal with during integration:
- Human error
- Poor configuration
- Connected devices
- Data management and storage systems
When two companies merge or one acquires the other, it might increase their risk from an access standpoint. The number of devices connecting to the network will increase drastically and securing thousands of devices can become a pain in the neck. What’s worse, is that all these devices have different types and each might have a different security requirement. For instance, smartphones need different kinds of security than laptops or desktop computers.
All the infrastructure should be seamlessly integrated which is not often the canse. This might happen due to human error or poorly configured hardware such as best dedicated server or cloud based systems. Despite investing heavily in cloud infrastructure, most of them fail to take full advantage of cloud capabilities due to poor management and configuration. In fact, 27% businesses admitted that their cloud computing budget went down the drain. With proper cloud management and right cloud configuration, businesses can not only make the most of the cloud but also minimize the risk of cloud based attacks.
4. Culture Plays a Vital Role
Whether it is a merger or acquisition, two parties are involved. Each one can have their distinct mission, vision, culture, values and business models. Your goal is to integrate the capabilities of both companies into a single integrated system. There are instances when a company might have more mature security posture as compared to the other company.
With so many differences between the two companies, it might not be easy to fuse them together, but you will have to work closely with all the stakeholders, bring them on the same page and work cohesively towards achieving a common goal. Retaining all the employees is another issue that crops up during merger and acquisition.
5. Optimize The Process
Nothing stays still in the business and IT world. Everything from environments to systems evolves at a rapid pace. This means that what works today might not work for you in the future. To deal with ever changing business dynamics, businesses will have to constantly tweak and improve their processes. Incorporate cybersecurity into due diligence from start to the finish to ensure smooth transition in merger and acquisition.
Merger and Acquisition has their cybersecurity challenges and you can only overcome them if you look at it from multiple perspectives. Whether it is security, access control, infrastructure or cultural aspects, all play an important role and can either negatively or positively impact the outcome of the merger and acquisition deal. Involve all the stakeholders and keep them engaged by collaborating with the actively. This will help you to streamline your processes and remove friction and hurdles. Don’t forget to assess the risk profile of businesses you are planning to acquire or merge with. This will help you quote the right price.
Which cybersecurity processes do you implement during merger and acquisition? Let us know in the comments section below.