Cybersecurity due diligence in M&A and divestitures



What EY can do for you in M&A cybersecurity

When you’re buying

M&A decision-makers must fully understand the potential risks a data breach would pose to critical business assets and functions, from intellectual property (IP) and operations to customer information and credit card data. Ignoring these cybersecurity risks in M&A can leave a buyer exposed to a range of risks, including diminished revenues, profits, market value, market share and brand reputation.

We can help you understand exactly what you’re buying and how to price any potential risks appropriately. We can help you identify vulnerabilities that could be exploited by potential hackers, quantify cyber risks as they relate to the deal and manage the mitigation or remediation of cyber risks.

When you’re divesting

The key to selling a business is maximizing value while protecting your remaining business. Our cyber transaction services can help you identify areas of likely value erosion of a divestment, prioritize and mitigate them before you engage buyers. We can identify and monitor potential vulnerabilities that could be exploited during a separation as well as maintain preparedness for data privacy and regulatory compliance.

We can also help you mitigate M&A cyber threats to your remaining business by closing potential avenues of attack that could open post separation, making sure critical assets are not inadvertently transferred and assessing the risk control governance structure.

EY’s cyber transaction services can add value across the M&A transaction life cycle — from strategy and opportunity analysis all the way through diligence, negotiations, and integration or separation.

The value of EY cyber transaction services 

We help address the M&A cyber risk to your business by:

  • Discovering hidden risks, such as technical vulnerabilities in your target company, data privacy noncompliance and signs of cyberattacks that could be happening right now
  • Valuing cyber risk for specific events, such as thefts of customer data or IP, or business and operational disruption
  • Identify and quantify valuation considerations included estimated one-time and recurring costs to remediate cyber vulnerabilities or gaps in regulatory compliance helping you demonstrate to the board and regulators that you are proactively mitigating cyber risk — while protecting deal value and strategic drivers
  • Reducing threats to the remaining company that can occur when companies separate, such as inadvertent loss of IP or exposure of critical assets

Our latest thinking

M&A activity: September 2024

Read the latest Merger Monthly, with insights on recent US M&A activity and what to expect as we look ahead.

CIO Survey: will you set the GenAI agenda or follow the leaders?

Get insights on how CIOs will address the challenges and capture the full benefits of GenAI in the 2024 EY CIO Sentiment Survey.

M&A outlook signals rebounding US deal market in 2024

Based on economic and market indicators, the latest EY-Parthenon Deal Barometer predicts a rise in deals in the 2024 M&A outlook. Learn more in the report.

Strategies for successful corporate separations

Gain competitive advantage with valuable insights from 160+ corporate separations, including spin offs, carve outs, optimal timing, and value maximization.

Preparing financial services cybersecurity for quantum computing

Quantum computing may seem years off, but financial services cybersecurity teams can take steps now to secure data. Read more.

How to keep cybercriminals out of your divestiture

Corporate deals are where the money is, for cybercriminals. But companies can protect themselves and the deal.


    Contact our M&A cybersecurity team to support your business
    Like what you’ve seen? Get in touch to learn more.