Wed, Jul 22, 2020

Case Study: M&A Cyber Risk Report

A Fortune 500 technology consulting company that regularly engages in M&A had concerns about the cyber security risk exposure of some recent acquisitions. After a significant cyber security incident, the company contracted with Kroll to perform an objective, discreet and external review of the cyber risk exposure of its future acquisition targets.

The Kroll team leveraged the CyberClarity360 platform to examine dozens of security criteria and industry benchmark data to provide both an absolute and relative cyber risk score for each target. Using this platform, Kroll evaluated:

  • The target's “attack surface” to better calculate risk and impact associated with visible digital assets
  • Key security metrics of the target's external IT infrastructure and public-facing digital assets (e.g., website, web applications, portals, email servers)
  • Individual business credentials, accounts, passwords, profiles or other data linked to the target that had been exposed in breaches

By engaging Kroll, the consulting company can now understand the potential cyber risk exposure of its acquisitions and make better decisions about potential acquisition targets. Additionally, it can compare and contrast these external reviews with the assessments its post-acquisition team performed of the target's cyber security maturity.

Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Optimized Third-Party Cyber Risk Management Programs

Manage risk, not spreadsheets. Identify and remediate cybersecurity risks inherent in third-party relationships, helping achieve compliance with regulations such as NYDFS, FARS and GDPR.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.


Efficiently assess and confidently track the security and resilience of third parties with CyberClarity360, a robust third-party cyber risk management solution.