Due diligence is very much like a home inspection when you’re buying a house. When you’re buying a house, you want to understand all the possible concerns about your new home. In today’s housing market, most sellers are also getting a home inspection before putting the house on the market. These two activities are direct parallels to Buy-side and Sell-side due diligence. However, unlike home inspections that try to identify all possible concerns with the house, some due diligence efforts only look at a few things, like the finances or taxes. This would be akin to buying a home and only inspecting the roof.
What cyber due diligence attempts to do is to understand another aspect of the target company. Every organization has cybersecurity risks. Understanding the depth and breadth of the cybersecurity risks is just as critical as understanding financial or tax risks.
Here are three questions a PEG needs to consider when evaluating an acquisition: