Cybersecurity Series: Startups & Acquisitions

More and more companies are being built with the expectation of acquisition within 5-10 years. Increasing numbers of entrepreneurs are taking a fail-fast, fail-well approach to innovation, focusing on rapid growth and extremely high risk… and it’s becoming increasingly unusual to find MBAs pitching businesses that do not have a dependency on technology.

All of this is underpinned by necessarily agile processes, allowing businesses to compete in crowded marketplaces and get to market fast enough to get their brand into the customers’ minds.

The problem is that agile development methods are often entirely incompatible with cybersecurity best practices.

Any software developer can tell you that there’s a massive difference between a proof of concept and a live, saleable, product. The problem with cybersecurity is that it is often an afterthought – a layer added at the end of development, or something to be tested in the final phases of development. In fact, late discovery makes security problems far more expensive to fix. Companies that aren’t attempting to evaluate security as they go along are buying expensive problems for later, meaning that their estimation of the value and market-readiness of their products is inaccurate.

In companies where an agile culture has been adopted unanimously across all business functions there may also be other cybersecurity issues to consider – existing cyber security and privacy processes may not be robust enough to be safely merged with the larger purchasing organisation.

CLICK HERE: In this article we explore these issues of building technology and business processes robustly enough for the cybersecurity to pass acquisition due diligence.


Clayden Law has teamed up with technical expert, Emma Osborn. and over the next few months we will provide some back-to-basics analysis of the technical, legal and data protection issues surrounding cybersecurity, aimed at organisations’ non-technical decision-makers. Together, we’ll be highlighting key cybersecurity and data privacy fundamentals and looking at the interplay between law and practice in this area. For more information, click here