author photo
By Clare O’Gara
Wed | Nov 20, 2019 | 5:30 AM PST

Ever been curious about how cybersecurity affects mergers and acquisitions? You should be.

A new survey from (ISC)2 reveals that the quality of cybersecurity at a company being purchased is a significant M&A consideration and can impact whether the purchase goes through.

Cybersecurity in M&A is becoming crucial

According to experts in M&A, it often takes more than verifying a company's financials to get full sign-off in acquiring a company.

Now, it's also about verifying the security posture of the organization.

(ISC)2 surveyed 250 voices in the world of M&A about cybersecurity audits and how important they are for business decisions.

"The research shows that the inclusion of a cybersecurity audit in M&A does more than simply fulfill a requirement or serve as window dressing. M&A experts pay close attention to cyber audit results—and take them into account to make decisions."

Cybersecurity in M&A: 4 key findings

The survey identifies four key findings when it comes to cybersecurity and M&A decisions. Incredibly, 49% of the M&A experts surveyed say the discovery of a previously undisclosed data breach would derail a merger or acquisition.

Audits M&A

Cybersecurity in M&A: incident response matters

Another major cybersecurity factor for determining whether to purchase a company?

According to the survey, it is incident response.

"For most respondents (86%), a publicly reported breach detracts from the acquisition price. But it's not a deal breaker, if the company can demonstrate it handled the breach appropriately and took steps to prevent further incidents.

If the company addressed the breach satisfactorily, fixed its security vulnerabilities and paid its fines (when applicable), 88% say the company's value increases."

Check out the full report here.