Companies considering mergers, acquisitions or divestiture must fully understand the potential risks a data breach would pose to their critical applications and data. Not going through proper cyber due diligence during M&A or divestiture deals can leave a buyer exposed to a range of risks, ranging from brand reputation, diminished revenues, profits, market value, and market share.
The key to selling a business is maximizing value while protecting your remaining business. Companies should focus on areas which can hurt the value of the divestment, prioritize and mitigate them before engaging potential buyers. Companies should diligently identify and monitor potential vulnerabilities that could be exploited during separation as well as maintain preparedness for data privacy and regulatory compliance.
Companies should also plan to mitigate cyber threats to the remaining business by closing potential avenues of attack that could open post-separation, making sure critical assets are not inadvertently transferred and assessing the risk control governance structure. Here is a good case study of how a major healthcare service company employed a real-time map and segmentation to secure their data center assets after selling a part of their business and associated infrastructure to a foreign entity
Emerging trends and recent developments in the CFIUS process