

Pre- and post-transaction risk assessments

A merger or an acquisition presents a range of potential security risks. Failing to fully assess the cyber security status, strengths and weaknesses of the target company can lead to significant challenges both before and after completion. It is vital that investors look deeper than self-disclosures during the merger or acquisition process.

Independent cyber diligence support from Kroll provides clear insight into whether the cyber security track record and status at your target company is robust. Our pre- and post-transaction assessments can identify actual cyber security lapses or at-risk areas, quantify remediation costs and help restructure investments if needed. Assessments can also help to demonstrate data security commitment to stakeholders and regulators. Assessment is often conducted immediately post-transaction or can be performed pre-transaction by organisations seeking to be acquired.


Remote and on-site cyber due diligence services

Whether you need help with assessing an organisation’s cyber security status for a merger or you are looking to ensure that an upcoming business acquisition does not compromise your security status, we can help. Our cyber due diligence services include:

Service modules

Cyber due diligence service modules

We offer four cyber due diligence modules to help you uncover, assess and address information security risks, both pre- and post-transaction. Each module is customisable for every transaction. You can select and deploy the combination of services that best matches your risk concerns, the timescales of the agreement and the level of access to the target company.

For organisations approaching acquisition, positive findings or timely remediation based on these assessments (especially Modules 3 and 4) can help to allay potential buyers’ concerns and accelerate the closure of a deal.

Module 1 - Deep and dark web exposure

Our extensive digital risk protection expertise enables us to conduct a deep and dark web assessment to identify any exposed data or uncover previously unknown breaches, providing valuable insight on how best to remediate any specific risks identified.

Module 2 - Compromise assessment

MDR services can be quickly deployed across all endpoints in your target organisation. When endpoint data identifies existing malware or infection points, Kroll’s cyber security experts are able to move fast to take appropriate steps to contain and respond to threats.

Module 3 - Cyber risk assessment

We undertake risk assessments using our proprietary methodology based on years of experience in incident response and investigations. We can also adapt our assessments to include industry standard frameworks to help ensure compliance with all the regulatory requirements in your sector.

Module 4 - Penetration testing

Our professional penetration testing teams undertake simulated attacks that include assessing systems for exploitable vulnerabilities and gauging employee awareness through social engineering exercises.


Cyber Security Due Diligence FAQs

What is cyber security due diligence?

Cyber security due diligence is the process of monitoring, identifying and protecting against the cyber risks of an organisation with which you are associated or are seeking to be associated. It involves reviewing the governance, processes and controls used to secure that organisation’s information assets.

What is the value of undertaking cyber due diligence before a merger or an acquisition?

Cyber due diligence plays a key role in supporting successful mergers and acquisitions. It highlights specific vulnerabilities and other issues and better informs the terms and conditions of an agreement. Any risks which are identified can then be addressed to ensure that the merger or acquisition is successful and that there are no unexpected financial costs.

What does the cyber security due diligence process involve?

The cyber due diligence process will be defined by your specific requirements, the target company and the nature of the planned transaction. At Kroll, we provide pre- and post-transaction assessments structured around four modules which cover key areas such as deep and dark web exposure, compromise assessments and vulnerability assessments.

How long does the cyber due diligence process take?

The duration of the cyber due diligence process is defined by your particular aims and the nature of your planned transaction. We will outline the process to you at the start and agree a timescale and approach which aligns with your business goals and priorities. We have the capacity to work at pace to support a fast-moving schedule, as and when required.

What type of security risks can a cyber due diligence assessment uncover?

The cyber due diligence process highlights specific issues that have the potential to affect the value of an acquisition or the success of a merger. For example, it can help to identify key cyber security vulnerabilities that need addressing before the transaction is completed. The process can also identify signs of a breach, and even previous breaches that the company experienced without its knowledge. Cyber due diligence also involves investigating the target company’s approach to breach management, disaster recovery, business continuity and compliance with industry regulations.

Which organisations can benefit from a cyber due diligence assessment?

Any organisation looking to complete a merger, acquisition or other type of business deal can increase the value of that agreement through a cyber due diligence assessment. Private equity firms, hedge funds, investment banks and blue-chip organisations in a wide range of sectors rely on Kroll’s cyber security due diligence services to help make more informed M&A decisions.

Pre- and post-transaction

Effective cyber security due diligence, before and after transactions


| Pre-Transaction | Post-Transaction |
| --- | --- |
| Evaluate cyber security maturity and management | Develop policies and promote awareness. Act as Virtual CISO |
| Evaluate nature and risk profile of data | Evaluate operational risk, including IP, financial and personal data |
| Evaluate readiness to comply with security standards and regulations | Prepare security strategy to meet firm goals and compliance requirements |
| Evaluate third-party risk and dark web exposure | Build and manage third-party cyber risk program |
| Evaluate cyber insurance coverage | Guide response and recovery efforts to security incidents |

About Us

Why choose Kroll?

  • Flexible, on-demand services
  • Recognised by CREST and the PCI Council
  • Global team of cyber risk experts
  • >3,200 security incidents responded to every year
