Mergers create greater security risk

Companies should use a risk-based approach to merger review

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Corporate mergers and acquisitions (M&A) can be fraught with risks related to financial matters, company culture, personnel, IT systems integration and other areas.

Security risks, both cyber and physical, certainly belong on the list of concerns. And with the ongoing shortage of professionals who are expert in various aspects of data protection—coupled with the seemingly endless stream of reports about data breaches and other security threats—this has become an even bigger concern for companies that are considering or in the midst of M&A deals.

“Any M&A activity involves an assumption of risk,” says Ariel Silverstone, vice president of security strategy, privacy and trust at GoDaddy, a provider of domain name registrations.

Among the issues Silverstone has looked at during M&A activity are regulatory compliance, security framework compatibility and potentially different business risks presented by the new organization. “Examples include physical access control, geographic data center location, cloud use model, exposure after breach, and organizational placement of the security function,” he says.

To continue reading this article register now