M&A Cybersecurity Due Diligence

M&A Cybersecurity Due Diligence Leviathan Security Group

Cyber Due Diligence Investing in a company requires visibility into all assets and liabilities. The investigation should extend beyond the balance sheet: Cyber security and privacy risk can impact valuation significantly.

Acquiring companies can no longer afford to take their target’s security for granted; insecure acquisitions and undiscovered privacy issues can jeopardize the acquisition’s long-term prospects and expose them to liability. For a purchaser, quickly identifying a target’s cybersecurity impacts on valuation can provide leverage and reduce deal friction by determining realistic offsets and escrows.

Leviathan Security Group can provide timely security reviews including technology, architecture, maturity, and regulatory compliance evaluations for businesses of all sizes. Our evaluations estimate the time and costs to remediate issues that impact go-to-market or stay- in-market decisions. We pride ourselves in being low-friction and providing actionable guidance without interrupting deal flow.

We have experience across many fields; our consultants have evaluated product manufacturers, IP holding companies, e-commerce and SaaS providers on both the buy and sell sides.

Our broad experience and individualized approach to evaluation brings demonstrated results more quickly, and with greater impact for our clients. If you are acquiring or investing in a technology firm and performing due diligence, Leviathan is the partner your business needs.

Representative Experience • Pre-Purchase Security and Compliance Evaluation We performed a rapid assessment of a specialty network device provider, identifying security flaws in an older product still offered for sale. We provided plans for discontinuing the product or issuing remediation guidance for in-use devices along with remediation costs.

• Pre-Closing Security Remediation We performed a detailed review and validation to cure security gaps identified during the due diligence.

• Cloud Security Reviews and Assessments Leviathan engineers have been instrumental in evaluating, and in some cases creating, security policies, tools, and procedures for two of the world’s largest cloud computing service providers.

• Pre-Market Security Evaluations We have performed hundreds of technical and maturity assessments for clients in nearly all market verticals. We have assessed products before they were released, as well as products planning to move into new markets.

• Rapid Technical Review We have performed rapid technical security reviews of devices and applications to inform purchase and go-to market decisions. If you need a rapid assessment of the cybersecurity risks of a potential acquisition, Leviathan is the partner you need.

Alex Muentz M&A Practice Lead

Alex Muentz is the M&A Practice lead in the Risk and Advisory Services group.

Alex has led multiple pre-acquisition due diligence projects with targets in the Technology, Retail, and Educational industries. Alongside due diligence work, Alex has guided many clients to meet security and regulatory requirements with reasonable, tailored security guidance.

Alex’s technical background includes deep dives on embedded systems in the physical security space, penetration testing and many years in infrastructure IT.

He is a frequent presenter at cybersecurity and legal conferences, including Bloomberg’s Law Leadership Forum, DEF CON, HOPE and ShmooCon. He has a BS in Economics from Northeastern University and a JD from Temple University.

Leviathan Security Group Inc.

3223 3rd Ave S, Suite 100 Seattle, WA 98134 p: 866.452.6997 f: 206.225.2004 e: [email protected] www.leviathansecurity.com