Skip to content

7 potential security risks during a PMI project

The merging of two companies, usually with very different infrastructures and generally with dissimilar security policies and procedures, requires careful forethought and planning.

During the many changes that take place during a PMI project, you need to ensure you don’t leave yourself vulnerable when it comes to security.

  • 40% of PMI projects introduce a security issue.1
  • 70% found compliance problems were one of the most common types of cyber-security issue uncovered during due diligence.1

The merging of two companies, usually with very different infrastructures and generally with dissimilar security policies and procedures, requires careful forethought and planning. By undertaking early analysis and identification of potential risks and vulnerabilities, you can reduce your exposure to threats and ensure your new IT infrastructure is secure at all times.

Let’s take a look at seven key areas you must consider from a security perspective when you’re planning your PMI project:

 

7 potential security risks during a PMI project

 

1. Workarounds

One of the main areas of risk can come from workarounds that may have been put in place temporarily and not removed after Day 1.

Make sure that any provisional measures you’ve taken are then rectified and replaced.

2. Data security

The data you hold can cover everything from sensitive financial information to personal client and employee records. As well as making sure all the usual data storage areas are secure, you should include data clean-up, backups, and recovery procedures.

3. Application security

During a PMI project, you could be introducing new applications and integrating different off-the-shelf tools for the first time.

Rigorous testing should be conducted to ensure compatibility with your new systems.

4. Mobile devices

This testing should also extend to the range of mobile devices being utilised by both companies. Are the applications being used by your remote workers secure? Will security be maintained once integration has taken place?

5. Network security

Network security should cover workstations, network devices including firewalls, routers, access points and web servers. Prior to, and during, integration of your systems you must ensure any vulnerabilities are quickly detected and potentially hazardous gaps closed.

6. Architecture risks

With the merging of two companies, you’ll have diverse architectures of applications, technology and designs coming together. The infrastructural components of each should be assessed to determine any potential weaknesses or design flaws.

7. Policies and procedures

Each organisation in a merger will have its own set of regulations and compliance standards.

In a PMI situation, will one company be adopting the policies and procedures of the other? Or will a new set of policies apply? If this isn’t mapped out before integration, you could leave your organisation vulnerable to security breaches and potential fines for failing to meet legal compliance regulations.

 

Security should be considered from the initial assessment of an acquisition, throughout post-merger planning and during the transition. By focusing on the key areas we’ve mentioned, you can help to avoid delays and reduce risks.

By taking early action, you can ensure a smoother integration of companies and prevent damaging security breaches.

 

Plan for PMI success

If you’d like to know how to prepare your teams and systems for post-merger integration success and gain maximum value from your IT, contact us for a friendly discussion regarding your particular business needs on 0800 622 6719.

 

 {{cta(’23b74a59-42a2-4a7c-8ded-6111a29634b7′)}}

 

Source: 1 www.westmonroepartners.com/Insights/White-Papers/security-survey

Picture of Hutton Henry
Hutton Henry
Hutton has worked with Private Equity Portfolio firms and Private Equity funds since 2015. Having previously worked in post-merger integration for large firms such as Ford and HP, Hutton understands the value of finding issues prior to M&A deals. He is currently the founder of Beyond M&A and provides technology due diligence for VC, PE and corporate investors, so they understand their technology risks before entering into a deal.

Take our FREE Scorecard to find out if your investment is at risk.

Discover the value of technology in your portfolio and target investments to gain more confidence and uncover potentially significant risks that could affect the value of a sale or an acquisition.

More Stories

Back To Top