Heightened cyber risks intensify longstanding challenge for M&A, especially among companies that do a poor job managing technology


A WSJ report outlined how increased cyber risks amid COVID‑19 are posing increased challenges for M&A transactions globally.



Heightened concerns about the increased cyber risks faced by acquiring companies and the subsequent merged entities in M&A transactions are a reflection of the increased IT risks catalyzed by COVID‑19. Risks have increased exponentially for many companies, not just because of the sudden transition to remote work but also because of the accelerated migration to the cloud and roll-out of new digital services that all rapidly increase the complexity of a corporate network. This extends beyond the company in question to also include the changes in the IT environments of partners and suppliers. The challenges have been particularly acute for companies (1-Star in Cyber Governance Indices) that were poorly managing their technology prior to COVID‑19.

But the materiality of cyber risks in the M&A context is not a new development. Cyberhedge models have long identified that the cyber governance performance (how well or poorly a company manages its combined financials and technology) of an acquiring company declines post-acquisition. Examples like Marriott and its 2018 breach that stemmed from the Starwood acquisition and the United Technologies—Raytheon merger are examples of the financial risks that result from cyber and M&A.

In the case of the UTC RTN merger, in terms of cyber governance, not only did UTC and RTN both underperform on important metrics, but, in addition, many of UTC’s main supply chain partners are poor performers on cyber as well.

COVID‑19 intensifies the already existent cyber risks within an M&A context involving companies with poor cyber governance, and emphasizes the need for increased top-level focus on security from the board and C-suite, not just in the context of ‘deal due diligence’ but more broadly, and on an ongoing basis.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website