When M&A auditors look at a target company’s tangible assets, in the vast majority of cases that includes cybersecurity. In a new (ISC)² study about the impact of cybersecurity in M&A, 95% of respondents say they consider cybersecurity infrastructure “a tangible part” of the value calculation.
The stronger the infrastructure, including soft assets such as risk management policies and security awareness training programs, the higher a target company’s value will be, according to 82% of respondents. If an audit reveals weak security practices, 52% of respondents would view the cybersecurity program as a liability.
What this means for organizations considering a sale is clear: If you take your cybersecurity program lightly, it is bound to drive down the sale price. Just like any other tangible assets, such as buildings or equipment, the program’s value is tied to its condition.
All 250 participants in the (ISC)² study are or have been involved in M&A activities. Respondents included managing directors, investment and research analysts, venture partners, general partners, principals, and risk and compliance officers. More than three quarters of them (77%) say they make M&A recommendations based on the state of a company’s cybersecurity program.
Cybersecurity Has Value
The M&A audit process is how a purchasing company determines whether its target for merger or acquisition is worth making a deal. The most important part of the process is due diligence, which involves evaluating assets, structure, liabilities, operations and partnerships. Each of these areas is assigned a value and red flags can lead a buyer to abandon a deal.
In the (ISC)² survey, nearly all respondents (96%) say they take into account cybersecurity readiness when determining the overall value of a comp ..
Support the originator by clicking the read the rest link below.
