Cybersecurity M&A Due Diligence is the process of reviewing cybersecurity risks within an organization that is the subject of a potential merger or acquisition, for purposes of planning and assessing whether such risks necessitate deal term changes. Cybersecurity M&A due diligence is an often overlooked component of information technology due diligence, and can include interviewing personnel, reviewing policies and procedures, evaluating previous security testing, and performing updated vulnerability and penetration tests. When performed properly, cybersecurity M&A due diligence can minimize risk, reduce costs, and identify potential deal-breakers.