What’s Coming in Cybersecurity M&A Deals in 2020?

Industry experts weigh in:


  • We will see an increase in the number of M&A deals in 2020. In fact, 79 percent of respondents to Deloitte’s M&A trends 2019 report expect the number of deals they close to rise in the next 12 months – up from 70 percent last year. Consequently, companies need to learn from the headaches faced by Marriott in 2018 when it acquired Starwood and inherited a breach of guest dat Security needs to be a key component of any M&A strategy. If companies lack solutions that provide adequate visibility into their own systems as well as those of the companies that they are acquiring, we will see similar breaches take place in 2020.   – Anurag Kahol, CTO and co-founder, Bitglass


  • Increased caution around M&A deals. Learning from the mistakes of Marriott, companies going through M&A deals in 2020 will prioritize comprehensive evaluations of cybersecurity and risk. Before Marriott acquired Starwood in 2016, it was reported that Starwood suffered a breach of North American customers’ credit and debit card data after threat actors implanted malware on the company’s point-of-sale registers. Eventually, Marriott became aware of its breach of about 383 million Starwood guests’ data when a security tool flagged a database query from an unauthorized user whom had admin privileges. The company later found out that the intrusion went undetected for four years before Marriott even acquired Starwood, however, Marriott still had to pay more than $120 million to the UK’s Information Commissioner’s Office (ICO) for violating GDPR, and the hotel giant can even face additional punishments from other data privacy mandates, including the soon-to-be-enforced CCPA. While M&A is an important part of many companies’ growth plans, organizations will become increasingly wary of suffering a similar fate as Marriott. In 2020, organizations will place cloud security at the forefront of the M&A process including thorough audits of how the acquisition or merger target is operating cloud services. In a multi-cloud world, companies will need solutions that provide complete visibility across all clouds and cloud services, and an approach to bringing these into their security and compliance posture via automation. – Chris DeRamus, CTO and co-founder, DivvyCloud

Photo by energepic.com from Pexels