Even the most junior dealmaker knows that due diligence is a necessary step in any merger or acquisition. The acquiring company needs to know exactly what it is buying or investing in, and ensure that it is not taking on vulnerabilities that will lead to serious troubles, whether financial, legal or reputational. However, in the typical rush to close a deal, one increasingly critical aspect of the process all too often still gets overlooked – tech and cyber due diligence.
There are a number of potential problems to watch out for, many if not most of which cannot be assessed by a banker or dealmaker with a financial background. And now that every company boasts an IT infrastructure filled with IP and valuable data, tech and cyber due diligence can’t be reserved just for high-tech deals.
A company with significant cyber vulnerabilities can introduce dormant malware to an acquiring company, or a target may own proprietary technology that has serious weaknesses. A firm’s internal systems may already be poorly integrated, with a slapdash mix of different or outdated operating systems, databases or programming languages, which doesn’t bode well for the post-deal integration with its new parent. Another target may not even have a road map for the future or solid documentation of previous self-assessments, which should be serious red flags. In all cases, only an appropriately skilled technology professional would be able to find those problems before it’s too late. Though companies are increasingly aware of the need for technical due diligence, most efforts still fall short.