Request a Demo Contact Us
Press release

Bugcrowd Launches a Merger and Acquisition Assessment to Rapidly Evaluate the Security Posture of M&A Targets and Mitigate Cyber Risk Post Acquisition

Pre-packaged, security testing solution facilitates rapid  evidence-based due diligence on an acquisition or merger target to accelerate complex M&A processes and determine the risk of exposed assets or security breaches

SAN FRANCISCO– Aug. 19, 2020 – Bugcrowd, the #1 crowdsourced security company, today announced the launch of Bugcrowd M&A Assessment (Mergers and Acquisitions), a pre-packaged bundle of security tests that combine remotely-deployed penetration testing with the advanced asset discovery, alerting, attribution, prioritization, and management capabilities of the Bugcrowd platform. Organizations can initiate these tests in 72 hours or less—record time for the industry—and access results in real-time, expediting an evidence-based evaluation of a merger target’s cybersecurity posture.

“By 2022 60% of organizations engaging in M&A activity will consider cybersecurity posture as a critical factor in their due diligence process, up from less than 5% today,” states Gartner in their report, Cybersecurity is Critical to the M&A Due Diligence Process. Gartner also notes that, “the inability to manage the integration of cybersecurity practices poses its own risks.”*

“Mergers and acquisitions are inherently complex and lengthy processes. Historically, the M&A diligence process had focused on financial, legal, commercial and technology risk, with limited attention placed on cybersecurity risk,” said Ashish Gupta, CEO of Bugcrowd. “With the sprawling digitization of information and assets, and the resulting increase in cyber threats, companies are rapidly expanding their security assessments during the diligence period. Bugcrowd has responded to its customers by using our unique capabilities to identify and assess vulnerabilities that could influence an M&A process and negotiation.”

M&A Assessment  leverages a global network of highly vetted and carefully selected security researchers to evaluate the security posture of target assets exactly as attackers would. This allows organizations to identify potential blind spots, mitigating  the risk of an exposed asset or potential breach. 

“Security teams are often given little notice of an M&A event, making speed as important as quality and the ability to action results,” said Charles Valentine, Head of Security of Indeed. “M&A Assessment provides the acquiring company with immediate insights into an acquiree’s security posture allowing them to have clarity on the entire landscape and the wherewithal to make a ‘go/no-go’ decision on the M&A deal.”

Bugcrowd M&A Assessment offers:

  • Penetration Testing: M&A Assessment offers pay-per-results or pay-per-project testing enabling organizations to identify and harden their attack surface.
  • NDA-Backed Testers: Bugcrowd’s global network of NDA-backed pen testers provide immediate access to trusted talent, matched by experience and aptitude for every engagement.
  • Software-powered asset discovery: Quickly compiles an organization’s asset inventory to surface previously unknown or unprioritized and potentially vulnerable internet-facing assets
  • Launch in as little as 72 hours: Customers can access test results in the platform as they are discovered, enabling daily status updates.
  • Complete audit-ready reports available in just three weeks: Executive-level reports are available in just three weeks, comprising the expert analysis, risk scoring and recommendation of Penetration Testing and Attack Surface Management, allowing organizations to make faster and smarter decisions during mergers or acquisitions.

How it Works:

  • Rapid Resourcing: Targets identified; resources matched by skill and experience
  • Triage & Prioritization: Incoming vulnerabilities or discovered assets are validated/attributed and risk-ranked
  • Aggregation: Results from Pen Test and Asset Inventory are aggregated and assessed
  • Executive Reporting: Detailed results + executive analysis for “go/no-go” decision
  • Post-Report Analysis: In-depth security reports are delivered within three weeks with expert analysis

To learn more about Bugcrowd M&A Assessment, please visit our solutions page.

*Gartner, Cybersecurity Is Critical to the M&A Due Diligence Process Refreshed 13 September 2019, Published 30 April 2018

“Bugcrowd” is a  trademark of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

 About Bugcrowd 

Bugcrowd is the #1 crowdsourced security company. Top Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at


Allison Arvanitis
Lumina Communications for Bugcrowd