Mitigating cyber threats in TMT during M&A

How to strengthen cybersecurity strategies and avoid surprises during a transaction

Download PDF
Share

The technology, media, and telecommunications (TMT) industry is experiencing a significant surge in mergers and acquisitions (M&A) as companies seek to stay competitive and unlock new growth opportunities. This surge, which saw global M&A value reach the trillion dollar mark in the third quarter of 2025, highlights a renewed willingness to pursue large, strategic deals despite regulatory and geopolitical uncertainties.1

However, this increased deal activity also brings heightened cybersecurity risks. Historically, legal and operational reviews were sufficient to manage data and technology threats, but the landscape has evolved. Attackers now use advanced technologies, including Generative AI (GenAI), to automate reconnaissance, launch sophisticated phishing campaigns, and exploit zero-day vulnerabilities at scale. The boundaryless nature of modern digital ecosystems, which span clouds, APIs, open-source components, contractors, and edge devices, makes it increasingly difficult for acquirers to fully understand and secure the assets they are acquiring, especially those they do not directly control.

The financial and reputational consequences of cyber threats are severe, with penalties and fines potentially exceeding $1 billion. Moreover, the loss of customer trust and sales can have a lasting impact on a company's success.2

To address these challenges, organizations should consider:

01
Appointing a cybersecurity tiger team

Assemble a dedicated task force to identify industry-specific cybersecurity and regulatory risks and set objectives for the deal.

02
Conducting thorough due diligence

Gather preliminary information about the target company's cybersecurity posture, policies, and procedures in the 30- to 60-day window before the deal is signed.

03
Running a post-close maturity assessment and contract review

Identify cyber risks involved in the new enterprise and match them to statements and assurances provided during due diligence.

04
Focusing on continuous monitoring and strengthening

Conduct ongoing assessments to prevent new vulnerabilities from emerging during integration and beyond.

It is crucial to consider industry-specific risk factors, examine regulatory and compliance requirements, and weigh the costs of assessment and prevention against the potential cost and complexity of a breach response. Additionally, including cybersecurity in the due diligence process is essential.

In the 30- to 60-day window before a deal is signed, gather preliminary information about the target company's cybersecurity posture, policies, and procedures. This high-level assessment should involve reviewing documents, conducting interviews, distributing questionnaires, and identifying critical risks. Request the seller to provide detailed representations of its security posture through a comprehensive questionnaire, with follow-up for greater specificity as needed.

For a deeper dive into these considerations and more, download the full paper and reach out to talk with our team about how to help protect your deals from emerging cyber threats and aligned with regulatory compliance.

Footnotes

1 “Dealmakers Defy Stubborn M&A Market With Rare $1 Trillion Haul,” Bloomberg.com, September 29, 2025.

2 “The True Cost of Cybersecurity Incidents: A Strategic Guide to Incident Response Financial Planning,” Breached Company, May 24, 2025.

Dive into thinking:

Mitigating cyber threats in TMT M&A

Download PDF

Explore More

Cybersecurity considerations for TMT companies
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Cybersecurity considerations for TMT companies

Trends and attack vectors that technology, media, and telecommunications (TMT) companies should be addressing

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Transforming technology risk

Managing technology risk to build stakeholder trust

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

M&A trends in tech, media, and telecom

Q3 2025 M&A trends report: Disciplined dealmaking, transformative transactions

Read more

Meet our team

Image of Anuj Bahal
Anuj Bahal
Principal, U.S. National Technology, Media & Telecommunications (TMT) Deal Advisory and Strategy Leader, KPMG US
Read bio
Image of Kevin Coleman
Kevin Coleman
Partner, Technology Risk, KPMG US
Read bio
Image of Jonathan Fairtlough
Jonathan Fairtlough
Principal, Advisory, Cyber Security Services, KPMG US
Read bio
Image of Anuj Bahal
Anuj Bahal
Principal, U.S. National Technology, Media & Telecommunications (TMT) Deal Advisory and Strategy Leader, KPMG US
Read bio
Image of Kevin Coleman
Kevin Coleman
Partner, Technology Risk, KPMG US
Read bio
Image of Jonathan Fairtlough
Jonathan Fairtlough
Principal, Advisory, Cyber Security Services, KPMG US
Read bio

Explore other services tailored to your business

Service
Cyber Security & Technology Risk
Read more
Service
Deal Advisory and Strategy
Read more
Industry
Technology, media, and telecommunications
Read more

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.
All fields with an asterisk (*) are required.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline