More than half of M&A security incidents in 2024 were non-malicious, resulting instead from integration-induced investigation delays, policy and compliance challenges, and issues baselining internal tools, a report from ReliaQuest has revealed. These findings suggest that inherited assets present a significant risk during M&A activities.
However, discussions on cybercriminal forums suggest that threat actors deliberately target companies engaged in M&A processes, abusing perceived security weaknesses while staff are preoccupied with merger logistics. Forum discussions reveal that cybercriminals believe they can monetize M&A information for profit and use it for insider trading or blackmail.
M&A Security Incidents by Sector
The manufacturing sector faced the most M&A-related issues, accounting for 42% of customer M&A incidents. According to ReliaQuest, this likely relates to the sector’s reliance on legacy systems and operational technologies, which complicate updates and incident response and are only magnified during M&A.
However, the finance and insurance, professional, scientific, and technical services (PSTS), and retail trade sectors each accounted for 8%, possibly because of the stringent regulatory compliance requirements and relatively uncomplicated technology integrations associated with these industries.
Current M&A Cybersecurity Challenges
The ReliaQuest report outlines the five biggest cybersecurity challenges for companies during the M&A process and offers recommendations for overcoming them. They are:
- Adapting to New Compliance Standards: Use flexible security operations platforms to accommodate various compliance requirements across the merged entities. This includes monitoring for gaps and aligning processes to meet regulatory standards efficiently.
- Managing Threats from Inherited Assets: Conduct thorough due diligence to identify inherited vulnerabilities or breaches. Employ digital risk protection to scan for risks, such as exposed credentials, across open and dark web environments.
- Eradicating Blind Spots in Logging Visibility: Leverage an integrated security operations platform to unify logging and monitoring tools, ensuring consistent visibility across legacy and newly acquired systems.
- Unifying Operational Tools Post-M&A: Standardize and consolidate the security tech stack while maintaining compatibility with existing solutions. A unified platform facilitates seamless integration of tools, reducing complexity.
- M&A Hindering Threat Response: Mitigate the risks of slower threat responses by ensuring centralized and automated threat detection and response processes, which streamline operations across disparate environments.
Future M&A Cybersecurity Challenges
ReliaQuest notes that operating in the M&A threat landscape will likely become increasingly difficult in 2025, as new technological and political challenges will arise.
For example, relaxed cybersecurity regulations under President Trump could prompt organizations to downscale security measures, smaller ransomware groups will likely target M&A-weakened firms using AI-generated spearphishing, and continued cloud adoption will increase operational complexity.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.