ISF Podcast

S35 Ep3: The Silent Risk in M&A: Cyber Security Oversights That Cost Millions



Financial due diligence is common practice when companies merge or one business acquires another. Cyber security due diligence, however, is not quite as common. Yet, in a world where the threat landscape changes by the day and risk is growing increasingly complex, solid cyber security practices are more important than ever. 

Today, Steve and Tavia dig into this very topic, and, more specifically, what role cyber security has in a merger or an acquisition. How is a cyber security review done? Why is it important? How do we balance speed with thoroughness? How do we interpret the results? There’s a lot to dig into here.

Key Takeaways:
  1. Cyber due diligence is paramount in a corporate acquisition or merger.
  2. Risks of not doing cyber due diligence include both financial and reputational.
  3. Cyber due diligence is a team game.

Tune in to hear more about:
  1. Who should be responsible for conducting the cyber review (4:34)
  2. How organizations can build cyber into their due diligence process (14:05)
  3. Examples of where insufficient cyber due diligence proved costly (19:05)

Standout Quotes:
  1. “You can't play a team sport without a team. And for me, M&A is a team game. You can't go it alone. I think it would be a mistake for somebody to think that they could do this kind of work solo. Because as we've seen with cyber maturing, it now touches so many different parts of the organization. You do need to be involved.” - Steve Durbin
  2. “I think people are getting it. What I'm seeing now is people get it, but they don't know how to do it. That's where the cyber professional really now has to step up.” - Steve Durbin
  3. “Pre-deal, I think it is about being focused. It's about identifying, prioritizing the high risk areas that are out there that you want to look into. It's about doing things like making sure that the governance is there. It's about scanning for some of the known vulnerabilities. If you are in one particular market sector and you're buying a company in another because of expansion growth, you're going to need to be covering off a whole range of different things that perhaps might be unusual for you because you haven't been having to look into those areas.” - Steve Durbin

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.