As Industry Consolidation Grows, Increased Due Diligence will be Table Stakes
Increased due diligence will become table stakes for cybersecurity M&A in the coming year, Plaggemier said. As the industry becomes more consolidated, the potential risks and rewards of M&A deals are likely to become more significant, making it paramount for companies to carefully assess their respective acquisition strategies.
Also, the rapid pace of technological change in the sector means that companies need to be sure the technologies and expertise they acquire are current and effective, so that the organization’s capabilities are up to date and able to provide the level of protection the company needs, she said. An acquired company’s weaknesses become the parent company’s problem.
“Since the potential cost of a cybersecurity breach is significant, both in terms of financial losses and damage to a company’s reputation, there will be a greater reliance on best practices and processes that can reduce the risk of a breach and protect the bottom line,” Plaggemier said. “Increased third-party risk management will play a key role in better recognizing downstream vulnerabilities ahead of an acquisition, such as SaaS/data sprawl, past relationships with breached security vendors and solutions, or improper history of vetting partners. Additionally, there will be much more reliance on a software bill of materials (SBOM). SBOMs provide a detailed inventory of the components that make up a piece of software. This information is crucial for identifying potential vulnerabilities and ensuring that the software being acquired is secure.”