A Fortune 500 technology consulting company that regularly engages in M&A had concerns with the cyber security risk exposure of some recent acquisitions. After having a significant cyber security incident, the company contracted with Kroll to perform an objective, discreet and external review of the cyber risk exposure of their future acquisition targets.
The Kroll team leveraged the CyberClarity360 platform to examine dozens of security criteria and industry benchmark data to provide both an absolute and relative cyber risk score for each target. Using this platform, Kroll evaluated:
- The target's “attack surface” to better calculate risk and impact associated with visible digital assets
- Key security metrics of the target's external IT infrastructure and public facing digital assets (e.g., website, web applications, portals, email servers, etc.)
- Individual business credentials, accounts, passwords, profiles or other data linked to the target that had been exposed in breaches
By engaging Kroll, the consulting company can now understand the potential cyber risk exposure of their acquisitions and make better decisions about potential acquisition targets. Additionally, they can compare and contrast these external reviews with assessments their post-acquisition team performed of the target's cyber security maturity.