I’m happy to report that the fourth edition of the IT Due Diligence Guide has been released.
The need to include an IT review during M&A due diligence is greater than ever. Identifying IT shortcomings that can jeopardize a merger or acquisition and put a company’s future at risk is critical. Other less serious issues that are uncovered can still carry a high price tag to address, and it’s important to find these problems prior to the deal closing.
According to the Boston Consulting Group, 63% of acquisitions are completed by companies that purchase no more than one company per year. It’s not reasonable to expect that such companies have resources dedicated to M&A available, let alone an IT due diligence expert. The IT Due Diligence Guide can help fill that gap.
2016 and early 2017 saw the trends of substantial data breaches and related public relations disasters continue. Ransomware attacks spread rapidly and were covered by the mainstream news. Some companies have even begun to keep a stock of bitcoins on hand to pay the ransom.
Many security experts now see hacking as something that can’t be prevented, accepting the fact that it’s almost inevitable when a skilled and determined criminal is involved. The focus is now more on being able to quickly detect and mitigate security incidents.
In the new fourth edition, the IT Due Diligence Guide has been further expanded and reorganized to address the latest IT security and operational concepts. Questions have been added and explanations have been revised.
Not everything in IT due diligence is focused on cybersecurity, however. In fact, most of the book is related to other issues. With the cost of the average data breach reaching over $3.6M however, IT security needs to be a key focus of any transaction if major unanticipated costs and risks are to be avoided.
In addition, given the fact that over 80% of ransomware attacks in early 2016 were experienced by healthcare organizations and considering the special concerns related to IT due diligence in healthcare, a new section dedicated specifically to that industry has been added in this new edition. This includes a healthcare IT due diligence checklist only available with the book. Much of this content is relevant to any company that operates in a heavily-regulated industry or manages highly-sensitive data.
Using the IT Due Diligence Guide and the related tools included with the book, both seasoned due diligence professionals and those working on behalf of the infrequent investor can uncover the technology risks and opportunities in any company.