Posted on

Don’t buy a breach or a bad reputation: A more effective approach to M&A due diligence


David Etue

David Etue, CEO of Nisos, has 20 years of experience at early-stage and mature companies, bringing industry perspective built from experience including security program leadership, management consulting, product management and technical implementation.

Companies invest significant time and energy to integrate networks and applications after an acquisition. However, the acquiring IT, security and intelligence teams rarely have the resources or internal processes to perform investigative diligence on a target before an acquisition. Being able to do so would enable them to better manage risk.
Questionnaires, interviews and cyber due diligence are commonly employed, but these efforts are typically only started after a letter of intent (LOI) is in place, and access to the organization and its networks is granted. In many cases, regulatory approvals may delay this access and information sharing even further. What results is a process that is often rushed and suboptimal.
As the M&A market accelerates, acquirers must change this dynamic to speed up the due diligence process and ensure any risks associated with cybersecurity posture, company re …

Read More