Fifty-three percent of respondents reported that their organization had encountered a critical cybersecurity issue or incident that put a mergers and acquisitions (M&A) deal in jeopardy and 65 percent of respondents said they had experienced buyers’ remorse because of cybersecurity concerns after closing a deal.

According to the study:

• 73 percent of respondents agreed that technology acquisition is their top priority for their M&A strategy over the next 12 months—and, 62 percent agreed that not only does their company face significant cybersecurity risk by acquiring new companies, they also expressed that cyber risk is their biggest concern post-acquisition.
• 72 percent of respondents considered IoT devices (printers, smart lighting, VoIP phones, security cameras, etc.) as most vulnerable to external adversarial actors
• 81 percent of ITDMs and BDMs agree that they are putting more of a focus on a target’s cybersecurity posture than in the past, highlighting that cyber is a top priority for both IT and business decision makers.
• 73 percent of respondents agreed that a company with an undisclosed data breach is an immediate deal breaker in their company’s M&A strategy.
• Only 36 percent of respondents strongly agree that their IT team is given time to review the company’s cybersecurity standards, processes and protocols before their company acquires another company. 
• Among ITDMs, only 37 percent strongly agree that their IT team has the skills necessary to conduct a cybersecurity assessment for an acquisition.
• Nearly all respondents (97 percent) reported that their organizations spend money on outside contractors for IT audits or cybersecurity risk assessments.
• When asked what makes organizations most at risk during the information and technology process, two answers stood out: human error and configuration weakness (51 percent) and connected devices (50 percent). 
• Over half (53 percent) of ITDMs say they find unaccounted for devices after completing the integration of a new acquisition.
• Nearly two-thirds of respondents (65 percent) said their companies experienced regrets in making an M&A deal due to cybersecurity concerns.