Skip to main content

Whether making or realising an investment, the first 100 days following the announcement of an acquisition require heightened vigilance to cyber risk. Sophisticated threat actors can exploit weaknesses exposed during the M&A process, including the exchange of sensitive data during due diligence, the integration of IT systems, and disruption to workflows and employees.

Preparing PortCo for Exit

Intellectual Property

Intellectual Property

Identifying key IP within a business, understanding ownership, reviewing rights agreements, and implementing appropriate protections.

Data Protection

Data Protection

Conducting data protection audits and reviewing policies and procedures.

Warranties and Covenants

Warranties and Covenants

Clearly defining responsibility for past and future cyber events, and ensuring these obligations are not breached.

Continuous Breach Monitoring

Target / Portfolio Company

Target / Portfolio Company

  • Data leaks, credential exposure and ransomware chatter
  • New vulnerabilities in exposed systems
  • Publicly disclosed breaches that could affect valuation
Critical Suppliers and Technology Vendors

Critical Suppliers and Technology Vendors

  • Cloud and SaaS Providers
  • Outsourced IT Providers
  • Managed Service Providers (MSPs)

Regulatory / Compliance Triggers

Regulatory / Compliance Triggers

  • Monitor for fines, investigations or regulatory actions against the target, including GDPR, SEC and FCA matters
Other stakeholders

Other Stakeholders

  • Advisors (lawyers, bankers)
  • Other Portfolio Companies (where infrastructure is shared)
     

Have any questions?

Our experts

Shreeji Doshi

Shreeji Doshi

Director, GRC | Cyber Risk

Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk