ISF Podcast17 Jun 2025

S35 Ep3: The Silent Risk in M&A: Cyber Security Oversights That Cost Millions

Financial due diligence is common practice when companies merge or one business acquires another. Cyber security due diligence, however, is not quite as common. Yet, in a world where the threat landscape changes by the day and risk is growing increasingly complex, solid cyber security practices are more important than ever.

Today, Steve and Tavia dig into this very topic, and, more specifically, what role cyber security has in a merger or an acquisition. How is a cyber security review done? Why are they important? How do we balance speed with thoroughness? How do we interpret the results? There’s a lot to dig into here.

Key Takeaways:

Cyber due diligence is paramount in a corporate acquisition or merger.
Risks of not doing cyber due diligence include both financial and reputational.
Cyber due diligence is a team game.

Tune in to hear more about:

Who should be responsible for conducting the cyber review (4:34)
How organizations can build cyber into their due diligence process (14:05)
Examples of where insufficient cyber due diligence proved costly (19:05)

Standout Quotes:

“You can't play a team sport without a team. And for me, M&A is a team game. You can't go it alone. I think it would be a mistake for somebody to think that they could do this kind of work solo. Because as we've seen with cyber maturing, it now touches so many different parts of the organization. You do need to be involved.” - Steve Durbin
“I think people are getting it. What I'm seeing now is people get it, but they don't know how to do it. That's where the cyber professional really now has to step up.” - Steve Durbin
“Pre-deal, I think it is about being focused. It's about identifying, prioritizing the high risk areas that are out there that you want to look into. It's about doing things like making sure that the governance is there. It's about scanning for some of the known vulnerabilities. If you are in one particular market sector and you're buying a company in another because of expansion growth, you're going to need to be covering off a whole range of different things that perhaps might be unusual for you because you haven't been having to look into those areas.” - Steve Durbin

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(343)

343: Peter Hinssen - The New Never Normal: AI, the Future of Business and the Leaders We Need

Today, one of our favorite guests returns: Peter Hinssen. A renowned keynote speaker, author and serial entrepreneur, Peter is one of the most sought-after thought leaders on radical innovation, leade...

2 Jun 28min

342: Betsy Cooper - The Policy Gap: Navigating AI, Risk and Regulation

In this episode, Steve is in conversation with Betsy Cooper, director of the Aspen Policy Academy at the Aspen Institute. As an expert in cyber and tech policy, Betsy shares her thoughts on how policy...

19 Mai 26min

341: Dr. Keith Morneau - AI & the Resilient Workforce: Thriving in the Next Decade

Today’s guest is Dr. Keith Morneau, an experienced cybersecurity professional who currently serves as Dean of Computer and Information Science at ECPI University. Steve and Kieth discuss the future of...

12 Mai 24min

340: John "Jock" Brocas - Gut Instinct: The Intuitive Edge in Cyber Security

In today’s episode, Steve sits down with John “Jock" Brocas, a former military member who is now an executive mentor and strategic intuitive intelligence advisor to the C-suite. Jock is far from your ...

5 Mai 23min

S36 Ep27: Emily Holyoake - Beyond Infrastructure: The Case for Putting People First

Today’s episode might sound a little bit different, but it’s a really important conversation. Steve sits down with Emily Holyoake, co-founder of Not A Standard and the brain behind the FRAME Network, ...

28 Apr 24min

S36 Ep26: Brett Johnson - From Most Wanted to Most Valuable: Inside the Cybercrime Landscape

Today we bring back one of our favorite guests: former US most-wanted cybercriminal Brett Johnson. It’s been seven years since he was last on the show, and much has happened in the world of cyber. Bre...

21 Apr 26min

S36 Ep25: Steve Durbin - Global Threats, UK Blind Spots: Cyber Resilience in a Volatile World

Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflic...

14 Apr 29min

S36 Ep24: Special edition – From Awareness to Action: Prostate Cancer, Community and the Case for Early Detection

Today’s episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who...

31 Mar 30min