M&A Cyber Due Diligence Redefined

M&A Cyber Due Diligence Redefined

Blog | News

M&A Cyber Due Diligence Redefined

PacketWatch Launches a Progressive 7-Step Program to Help Attorneys and Their Clients Identify and Eradicate Cybersecurity Risk

SCOTTSDALE, Ariz., November 07, 2022 /PRNewswire/ — Today, PacketWatch launched a comprehensive suite of cybersecurity services for midsized enterprises considering a merger or acquisition. The cost-effective PacketWatch M&A solution for buyers and sellers starts with non-invasive steps that increase in intensity as indicators of compromise or risk are uncovered. The progressive approach, blend of human and artificial intelligence, industry-standard cybersecurity frameworks, and concierge-style client experience set this methodology apart from traditional M&A cyber due diligence efforts.

“We set out to proactively redefine the cyber due diligence process with input from our law firm partners,” said Chuck Matthews, CEO of PacketWatch. “Most companies try to use questionnaires and internal people to assess their cyber maturity. The result is inefficient and often inconclusive. Without the proper tools and experience, it is practically impossible to determine whether the organization has already experienced a cybersecurity incident. An advanced persistent threat isn’t something visible to the naked or untrained eye.”

“We set out to proactively redefine the cyber due diligence process with input from our law firm partners.”

Chuck Matthews

Cost is one of the primary reasons companies try to assess their own security posture. But when it comes to investment risk and liability, stakeholders of $50 million to $1 billion organizations will want an expert opinion and quantitative data. The PacketWatch progressive approach aligns the cost of the cybersecurity analysis with the size and scope of the M&A transaction and the degree of risk discovered.

“The demand for M&A cyber due diligence has grown exponentially over the last few years as companies experience the impact of undiscovered cyber risk from previous transactions,” said Jeff Beall, Vice President of Business Development at PacketWatch. “More and more lawyers are beginning to understand that the ‘blind spot’ exists and need us to quantify or fix it.”

The PacketWatch M&A Cyber Due Diligence Service Suite leverages a unique set of open-source and proprietary tools combined with diverse military, law enforcement, enterprise, and national security experience. The team specializes in detecting and eradicating security vulnerabilities, threats, and risks that others may miss.

The 7-Steps in the M&A Cyber Due Diligence approach are:

  1. Cybersecurity Framework Review
  2. Cyber Risk Assessment
  3. Active Vulnerability Assessment
  4. Compromise Assessment/Threat Hunt
  5. Security Controls Validation
  6. Monitoring and Incident Response
  7. Post-Acquisition Security Services


“The services themselves are foundational, but the way our highly-experienced team holistically integrates and executes them makes all the difference,” adds Beall. “Having our cybersecurity experts on your M&A due diligence team will ensure that cyber-related risks are identified, well-documented, and in cases where the target organization is cooperative, eradicated.”

To learn more about the PacketWatch M&A Cyber Due Diligence Service Suite, visit our website or Request an Appointment with Jeff Beall.


About PacketWatch
The PacketWatch team detects and eliminates security risks that others may miss. Our senior cybersecurity experts work directly with our clients to establish an Active Defense with packet-level data and actionable threat intelligence to extend network visibility beyond a traditional perimeter. With daily threat hunting and exceptional collaboration, we help enterprise and midsized clients understand their adversaries and campaign tactics better than they ever imagined. PacketWatch incident response services are endorsed by prominent law firms, private equity groups, and cybersecurity companies, nationally. While the right tools are essential, we believe that people ultimately respond to incidents, remediate security gaps, and restore confidence in an organization’s cybersecurity defenses. Get immediate help with an incident by calling 1-800-864-4667 or learn more about our cybersecurity services at www.packetwatch.com.


2022 Fall Privacy + Security Forum

2022 Fall Privacy + Security Forum

Blog | Event

2022 Fall Privacy + Security Forum

Michael McAndrews to Speak at the Privacy + Security Academy Conference

Michael McAndrews, our Chief Technology and Security Officer is speaking this week as part of a panel at the Fall Privacy + Security Forum in Washington, DC. The conference runs from November 2nd to the 4th and focuses on deep-dive sessions with practical takeaways for the industry’s most seasoned security experts.

Michael will be part of a four-person panel during the Thursday session, The Supply Chain Privacy Conundrum – Compliance and Risk in a World of Unknowns. Other panel members include Michael Gold, Partner & Chair of Cybersecurity & Privacy Group, Jeffer Mangels Butler & Mitchell Tanya Forsheit, Senior Counsel, The New York Times, and Robert Bond, Solicitor, Notary Public & Compliance & Ethics Professional, Privacy Partnership Law.

Session Topics

“My focus will be on the subsections of Incident Response Plans that detail what to do if there is an attack in your supply chain.”

– Michael McAndrews

The questions Michael will address will be related to the preparation for a security incident based on his experience with companies that have fallen short in their ability to respond. His focus will be on the subsections of Incident Response Plans that detail what to do if there is an attack in your supply chain. Typical discussion topics include:
  • How do you respond when there is no cooperation from the vendor or partner?
  • How do you verify the authenticity of the data?
  • How how do you protect your brand?
As in all incident response cases, the key is speed and visibility.

If you are in Washington, DC, for the conference, be sure to stop by the session on Thursday or reach out to Michael on LinkedIn if you want to connect in person.