M&A Cyber Due Diligence
Cyber risk sized for the deal team, not the security team.
Structured cyber due diligence for strategic acquirers, private equity and corporate development teams. Pre-LOI red flag, full DD between LOI and signing, day-one risk acceptance pack for the closing committee, and a post-completion integration roadmap.
02 Typical triggers
When this service is on the desk.
- 01 LOI imminent or signed
- 02 NDA in place and data room opening
- 03 Signing date set, day-one risk pack needed
- 04 Post-close integration starting
- 05 Bolt-on acquisition diligence
03 Typical outputs
Artefacts that earn the audit, the customer or the board.
- Pre-LOI red-flag report (5 working days)
- Full DD report with technical and governance scope
- Day-one risk acceptance pack for the closing committee
- Post-close integration roadmap and remediation programme
- Anti-fraud / pre-close incident watch
04 Engagement shapes
Three ways the engagement is typically scoped.
SHAPE 01
Pre-LOI
5 working days. Red-flag assessment for the investment committee.
SHAPE 02
Full DD
3–5 weeks. Technical, governance, contractual, regulatory.
SHAPE 03
Post-close
8–12 weeks. Integration roadmap and Day-100 plan.
DELIVERED BY
Paul Jolliffe
FOUNDER · INFOSECAI · MBA · CISSP · ISO 27001:2022 LA / LI / IA · PRINCE2 Practitioner
Twenty years of senior security leadership across financial services, healthcare, government, telecoms and technology. Engagements are senior from day one: no subcontracted juniors, no introduce-and-exit.