More than half of M&A security incidents in 2024 were non-malicious, resulting instead from integration-induced investigation delays, policy and compliance challenges, and issues baselining internal tools, a report from ReliaQuest has revealed. These findings suggest that inherited assets present a significant risk during M&A activities.
However, discussions on cybercriminal forums suggest that threat actors deliberately target companies engaged in M&A processes, abusing perceived security weaknesses while staff are preoccupied with merger logistics. Forum discussions reveal that cybercriminals believe they can monetize M&A information for profit and use it for insider trading or blackmail.
M&A Security Incidents by Sector
The manufacturing sector faced the most M&A-related issues, accounting for 42% of customer M&A incidents. According to ReliaQuest, this likely relates to the sector’s reliance on legacy systems and operational technologies, which complicate updates and incident response, difficulties that are only magnified during M&A.
By contrast, the finance and insurance; professional, scientific, and technical services (PSTS); and retail trade sectors each accounted for 8%, possibly because of the stringent regulatory compliance requirements and relatively uncomplicated technology integrations associated with these industries.
Current M&A Cybersecurity Challenges
The ReliaQuest report outlines the five biggest cybersecurity challenges for companies during the M&A process and offers recommendations for overcoming them. They are:
- Adapting to New Compliance Standards: Use flexible security operations platforms to accommodate various compliance requirements across the merged entities. This includes monitoring for gaps and aligning processes to meet regulatory standards efficiently.
- Managing Threats from Inherited Assets: Conduct thorough due diligence to identify inherited vulnerabilities or breaches. Employ digital risk protection to scan for risks, such as exposed credentials, across open and dark web environments.
- Eradicating Blind Spots in Logging Visibility: Leverage an integrated security operations platform to unify logging and monitoring tools, ensuring consistent visibility across legacy and newly acquired systems.
- Unifying Operational Tools Post-M&A: Standardize and consolidate the security tech stack while maintaining compatibility with existing solutions. A unified platform facilitates seamless integration of tools, reducing complexity.
- M&A Hindering Threat Response: Mitigate the risks of slower threat responses by ensuring centralized and automated threat detection and response processes, which streamline operations across disparate environments.
Future M&A Cybersecurity Challenges
ReliaQuest notes that operating in the M&A threat landscape will likely become increasingly difficult in 2025 as new technological and political challenges arise.
For example, relaxed cybersecurity regulations under President Trump could prompt organizations to downscale security measures, smaller ransomware groups will likely target M&A-weakened firms using AI-generated spearphishing, and continued cloud adoption will increase operational complexity.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.