Considering Buying a Company? You Are Purchasing Their IT Risks

Cybersecurity matters. You’re catching onto our theme – or maybe we sound like a broken record! You can’t ignore it for many reasons.

One reason is this: when you consider buying a company, you are also purchasing the existing cybersecurity risks of that company.

If you are the seller, understand that ignoring your cybersecurity can tarnish the sale of your company. Let’s dig into what we mean and why this matters.

Here’s a real example: a private equity firm acquires a midsized manufacturer. All goes well in the sale of the company. During that time, a cybercriminal organization was also targeting the manufacturer. Two months after the purchase, the manufacturer suffered a ransomware attack that locked up its systems and cost $1.2 million in damages. 

While the private equity firm thought they had considered all risks in the sale, they did not consider the risk and potential cost of cybersecurity vulnerabilities. A challenging (and expensive) lesson was learned.

What should you do before acquiring a business?

1. Just like debts and liabilities, you acquire cybersecurity vulnerabilities when you acquire a company. Consider the risk landscape and potential costs when completing your due diligence. Make sure that your current company can withstand the added cybersecurity risk.
2. In purchasing a company, consider their current cybersecurity practices and whether additional preventative cybersecurity measures will need to be enacted. Many companies do not have ample cybersecurity coverage. As you take on their cybersecurity vulnerability, ensure you are doing everything possible to prevent an attack.
3. While considering things like financials and operational costs is common, a study showed that only 10% of deals consider cybersecurity risks and potential costs. Don’t fall in that 90%!
4. Always complete a cybersecurity assessment before finishing an M&A deal. Ask PK Tech if we can help.

Managing cybersecurity risk is often an underrepresented task in many organizations. If you are considering the overall risk of any M&A deal, don’t sleep on cybersecurity risk, cost, and prevention. We can promise it will save you money in the long run.

PK Tech can support your business before, during, and after an M&A deal. From risk assessments to preventive cybersecurity plans, our qualified team is here to help. Contact us here.