Evaluating risks in target acquisitions through Cyber Security Due Diligence

We help Private Equity investors evaluate the cybersecurity risks and compliance issues in target acquisitions 

Information Security consequences increase as businesses grow

Information security is now critical for all businesses. Priorpriary data, intellectual property and customer data need protecting and with most businesses operating digitally, key digital services need protecting to ensure they continue to operate. 

As businesses grow, so do the consequences of an information security breach. Reputational and financial impact, as well as fines from regulators, can have a significant impact on an acquisition. 

Answering key investment questions

We help Private Equity investors evaluate the Cybersecurity risks associated with the technology products, platforms and teams in target businesses. We commonly help investors answer key investment questions concerning;​

  • Are there appropriate cybersecurity controls to ensure customer data protected?​

  • Are there vulnerabilities in the technology platforms?​

  • Have the management team the appropriate skills and experience?​

  • Have compliance requirements and industry-standard been met?​

  • What are the key risks to growth?

Tailoring Due Diligence to sector requirements

Our approach to cybersecurity assessment is based on multiple industry standards can be configured to the business model and sector relevant to the acquisition. We can tailor our approach based on a number of factors including;

  • the number and type of digital platforms,

  • type of data managed by the company,

  • use of third parties,

  • geography.

Key Insights

32% of businesses experience cyber attacks

Only 36% have cyber security policies in place

Only 31% have done a risk assessment in the last 12 months

Our Services

Our team work with Private Equity funds to assess the risk of future acquisitions. Our team provide the following services. 


Our Cybersecurity Due Diligence framework is comprehensive, with 18 defined areas of evaluation. We evaluate each area to identify cybersecurity maturity and performance against industry key performance indicators.


Our team can undertake technical testing of digital platforms to identify existing security vulnerabilities. This testing can be passive or active penetration testing and provides evidence of critical issues that need immediate resolution. 


Development of a prioritised and validated action plan with the key activities required to address any findings of a Due Diligence review. We can develop a costed plan for the next 12-48 months, using costs based on the relevant geography.

Examples of the benefits we've delivered to clients

Bicycle Shop

Retail : Due Diligence of a European e-commerce platform and retail stores

This pre-acquisition target was a leading European retailer with a large e-commerce platform and retail stores. Our team undertook a cybersecurity review to ensure customer data was securely managed and built an improvement plan to achieve planned revenue targets.

Linkedin Photo.jpg

More Information: 

Andy Weller

Image by Korie Cull

Retail: Review of customer Payment Card information across retail branches

Our client had an extensive network of retail stores and planned to launch new digital services including financial products. Our team undertook a cybersecurity review to ensure that customer payments information was being managed securely.

Linkedin Photo.jpg

More Information: 

Andy Weller