As many as 50 per cent of Singapore-based businesses have encountered a critical cyber security issue or incident during M&A activity, which placed the deal in jeopardy.
Findings from Forescout Technologies found that after closing an acquisition, 65 per cent of executives experience regret in making the deal due to cyber security concerns.
"Traditionally, when acquiring a company, M&A due diligence has been focused on aspects such as finance, legal, business, operations, human resources and IT, among others,” said Wahab Yusoff, vice president of Asia at Forescout. “However, in light of recent breaches, it is clear that organisations considering an acquisition could benefit from greater, dedicated cyber evaluation."
Yusoff said effective cyber security evaluation takes time yet on the flip side, acquisitions often run at a fast pace.
The report found that only 34 per cent of respondents in Singapore strongly agree that their IT team is given adequate time to review a targets’ cyber security standards, processes and protocols before completing an acquisition.
When asked what makes organisations most at risk during the IT process, executives identified human error and configuration weakness (63 per cent) and connected devices (59 per cent).
But devices often get overlooked and missed during integration as over half (57 per cent) of decision-makers find unaccounted devices, including Internet of Things devices, after completing the integration process.
“The IT and cyber landscape has changed dramatically in recent decades, with connectivity becoming increasingly prevalent," Yusoff added. "All of these factors have greatly complicated the evaluation and decision making process, and has made it a requirement to have new and innovative approaches to manage cyber risks.
"Cyber security assessments to have full visibility into all connected devices are therefore a key requisite not only prior to the acquisition, but continually throughout the integration process as well."
Within Singapore, only 31 per cent strongly agree that their IT team has the skills necessary to conduct a cyber security assessment for an acquisition.
Due to lack of resources, Yusoff said organisations must allocate outside resources through the channel to conduct cyber security assessments.
The study is based upon a survey that was conducted between February 20 through March 10, 2019, with respondents sourced from Quest Mindshare.
In all, there were 2,779 respondents of IT decision makers and business decision makers across industries from Singapore, Australia, India, US, France, UK, and Germany, with the data weighted to evenly represent audiences and regions.
To qualify, respondents had to be employed full-time, senior manager level or higher, and the primary decision maker for IT purchasing decisions or involved in M&A strategy.