Overview
Pre- and post-transaction risk assessments
A merger or an acquisition presents a range of potential security risks. Failing to fully assess the cyber security status, strengths and weaknesses of the target company can lead to significant challenges both before and after completion. It is vital that investors look deeper than self-disclosures during the merger or acquisition process.
Independent cyber diligence support from Kroll provides clear insight into whether the cyber security track record and status at your target company is robust. Our pre- and post-transaction assessments can identify actual cyber security lapses or at-risk areas, quantify remediation costs and help restructure investments if needed. Assessments can also help to demonstrate data security commitment to stakeholders and regulators. Assessment is often conducted immediately post-transaction or can be performed pre-transaction by organisations seeking to be acquired.
Services
Remote and on-site cyber due diligence services
Whether you need help with assessing an organisation’s cyber security status for a merger or you are looking to ensure that an upcoming business acquisition does not compromise your security status, we can help. Our cyber due diligence services include:
- Deep and dark web exposure
- Compromise assessment
- Cyber risk assessment
- Penetration testing
Service modules
Cyber due diligence service modules
We offer four cyber due diligence modules to help you uncover, assess and address information security risks, both pre- and post-transaction. Each module is customisable for every transaction. You can select and deploy the combination of services that best matches your risk concerns, the timescales of the agreement and the level of access to the target company.
For organisations approaching acquisition, positive findings or timely remediation based on these assessments (especially Modules 3 and 4) can help to allay potential buyers’ concerns and accelerate the closure of a deal.
FAQ
Cyber Security Due Diligence FAQs
- What is cyber security due diligence?
-
Cyber security due diligence is the process of monitoring, identifying and protecting against the cyber risks of an organisation with which you are associated or seeking to be associated with. It involves reviewing the governance, processes and controls used to secure that organisation’s information assets.
- What is the value of undertaking cyber due diligence before a merger or an acquisition?
-
Cyber due diligence plays a key role in supporting successful mergers and acquisitions. It highlights specific vulnerabilities and other issues and better informs the terms and conditions of an agreement. Any risks which are identified can then be addressed to ensure that the merger or acquisition is successful and that there are no unexpected financial costs.
- What does the cyber security due diligence process involve?
-
The cyber due diligence process will be defined by your specific requirements, the target company and the nature of the planned transaction. At Kroll, we provide pre- and post-transaction assessments structured around four modules which cover key areas such as deep and dark web exposure, compromise assessments and vulnerability assessments.
- How long does the cyber due diligence process take?
-
The duration of the cyber due diligence process is defined by your particular aims and the nature of your planned transaction. We will outline the process to you at the start and agree a timescale and approach which aligns with your business goals and priorities. We have the capacity to work at pace to support a fast-moving schedule, as and when required.
- What type of security risks can a cyber due diligence assessment uncover?
-
The cyber due diligence process highlights specific issues that have the potential to affect the value of an acquisition or the success of a merger. For example, it can help to identify key cyber security vulnerabilities that need addressing before the transaction is completed. The process can also identify signs of a breach and even previous breaches that the company has had without its knowledge. Cyber due diligence also involves investigating the target company’s approach to breach management, disaster recovery, business continuity and compliance with industry regulations.
- Which organisations can benefit from a cyber due diligence assessment?
-
Any organisation looking to complete a merger, acquisition or other type of business deal can increase the value of that agreement through a cyber due diligence assessment. Private equity firms, hedge funds, investment banks and blue-chip organisations in a wide range of sectors rely on Kroll’s cyber security due diligence services to help make more informed M&A decisions.
Pre- and post-transaction
Effective cyber security due diligence, before and after transactions
| Pre-Transaction | Post-Transaction |
|---|---|
| Evaluate cyber security maturity and management | Develop policies and promote awareness. Act as Virtual CISO |
| Evaluate nature and risk profile of data | Evaluate operational risk, including IP, financial and personal data |
| Evaluate readiness to comply with security standards and regulations | Prepare security strategy to meet firm goals and compliance requirements |
| Evaluate third-party risk and dark web exposure | Build and manage third-party cyber risk program |
| Evaluate cyber insurance coverage | Guide response and recovery efforts to security incidents |
About Us
Why choose Kroll?
- Flexible, on-demand services
- Recognised by CREST and the PCI Council
- Global team of cyber risk experts
- >3,200 security incidents responded to every year
Get in touch
Complete the form for a prompt response from our team.
Resources