Bugcrowd, the #1 crowdsourced security company, today announced the launch of Bugcrowd M&A Assessment (Mergers and Acquisitions), a pre-packaged bundle of security tests that combine remotely-deployed penetration testing with the advanced asset discovery, alerting, attribution, prioritization, and management capabilities of the Bugcrowd platform. Organizations can initiate these tests in 72 hours or less—record time for the industry—and access results in real-time, expediting an evidence-based evaluation of a merger target’s cybersecurity posture.
“By 2022 60% of organizations engaging in M&A activity will consider cybersecurity posture as a critical factor in their due diligence process, up from less than 5% today,” states Gartner in their report, Cybersecurity is Critical to the M&A Due Diligence Process. Gartner also notes that, “the inability to manage the integration of cybersecurity practices poses its own risks.”*
“Mergers and acquisitions are inherently complex and lengthy processes. Historically, the M&A diligence process had focused on financial, legal, commercial and technology risk, with limited attention placed on cybersecurity risk,” said Ashish Gupta, CEO of Bugcrowd. “With the sprawling digitization of information and assets, and the resulting increase in cyber threats, companies are rapidly expanding their security assessments during the diligence period. Bugcrowd has responded to its customers by using our unique capabilities to identify and assess vulnerabilities that could influence an M&A process and negotiation.”
M&A Assessment leverages a global network of highly vetted and carefully selected security researchers to evaluate the security posture of target assets exactly as attackers would. This allows organizations to identify potential blind spots, mitigating the risk of an exposed asset or potential breach.
“Security teams are often given little notice of an M&A event, making speed as important as quality and the ability to action results,” said Charles Valentine, Head of Security of Indeed. “M&A Assessment provides the acquiring company with immediate insights into an acquiree’s security posture allowing them to have clarity on the entire landscape and the wherewithal to make a ‘go/no-go’ decision on the M&A deal.”
Bugcrowd M&A Assessment offers:
- Penetration Testing: M&A Assessment offers pay-per-results or pay-per-project testing enabling organizations to identify and harden their attack surface.
- NDA-Backed Testers: Bugcrowd’s global network of NDA-backed pen testers provide immediate access to trusted talent, matched by experience and aptitude for every engagement.
- Software-powered asset discovery: Quickly compiles an organization’s asset inventory to surface previously unknown or unprioritized and potentially vulnerable internet-facing assets
- Launch in as little as 72 hours: Customers can access test results in the platform as they are discovered, enabling daily status updates.
- Complete audit-ready reports available in just three weeks: Executive-level reports are available in just three weeks, comprising the expert analysis, risk scoring and recommendation of Penetration Testing and Attack Surface Management, allowing organizations to make faster and smarter decisions during mergers or acquisitions.
How it Works:
- Rapid Resourcing: Targets identified; resources matched by skill and experience
- Triage & Prioritization: Incoming vulnerabilities or discovered assets are validated/attributed and risk-ranked
- Aggregation: Results from Pen Test and Asset Inventory are aggregated and assessed
- Executive Reporting: Detailed results + executive analysis for “go/no-go” decision
- Post-Report Analysis: In-depth security reports are delivered within three weeks with expert analysis