On the back of increased digitisation, paperless offices, remote working, and increased geopolitical tensions, recent years have seen a marked increase in cyber incidents targeting companies across every sector, from ransomware disrupting logistics providers, to phishing campaigns aimed at financial institutions, to data breaches exposing sensitive customer data. As the sophistication and frequency of these attacks grow, investors should ensure they take steps to understand the digital risks of their M&A targets, alongside the many other areas of risk being evaluated during the due diligence process.
Integrity Due Diligence (IDD) is now well-established as an essential part of any acquisition process, enabling investors to understand the operational, reputational and legal risks associated with a target company without requiring access to its internal books and records. As digital assets now present as much value and potential vulnerability as more traditional operations, these same hands-off IDD methodologies can be used to assist in understanding the cyber risks of a target, through the complementary service of Digital Footprint Analysis (DFA).
A company’s digital footprint encompasses every point of its online presence and public-facing exposure. This includes websites, domains, and hosted infrastructure, as well as related data such as social media activity, leaked credentials, and content relating to key employees that could be exploited by malicious actors. Beyond these readily visible elements, Digital Footprint Analysis also extends to consider dormant, redundant or forgotten infrastructure such as old subdomains, outdated plugins, backdoor developer tools, and unpatched systems that may no longer be actively managed but remain accessible online. In addition, it can seek to identify leaked credentials or data assets offered for sale on the dark web.
A Digital Footprint Analysis does not focus purely on technical specifications. It brings insight into how a target company appears to the outside world, particularly through the eyes of those who might seek to compromise it. Attackers are highly opportunistic, and by mapping out this footprint an acquirer can identify potentially weak points that could translate into financial or reputational damage once ownership transfers. Forewarned, they can either require that these risks be addressed prior to the completion of a transaction, or put a robust strategy in place to mitigate the risks once the business comes under their control.
The global cyber threat landscape continues to evolve rapidly. Phishing remains one of the most common and effective attack vectors, with simple human error often serving as the entry point for broader breaches. Threat actors will combine social engineering with data harvested from public sources (including staff names, job titles, or even tone of communications from social media, as well as leaked email addresses or data from unsecured file repositories) to craft convincing communications that bypass conventional defences and trick individuals into granting access to attackers.
In parallel, ransomware has shifted from largely indiscriminate attacks to targeting companies with high-value data, critical infrastructure, or complex supply chains where the impact of any disruption is high (with each increasing the likelihood of a large ransom payout).
For acquirers, there is a heightened risk that an inherited vulnerability could be exploited shortly after a transaction, as the integration of disparate systems, changes in access rights, and adjusted security policies may create temporary gaps in security oversight. Threat actors are well aware that this more chaotic period presents a golden opportunity to attack, making robust cyber due diligence even more crucial to any M&A and post-integration strategy.
Just as financial, legal, tax and integrity due diligence are all standard in modern, best practice acquisition planning, cyber-risk assessments should also be embedded into the transaction lifecycle. A Digital Footprint Analysis provides a structured way to achieve this. The process might typically include:
Findings from Digital Footprint Analysis can inform negotiation terms, influence valuation, or lead to pre-closure remediation commitments. Even more importantly, they help to prevent the acquisition of unseen liabilities, whether in the form of compromised systems, latent breaches, or vulnerabilities that could invite immediate exploitation post-transaction.
The integration of Digital Footprint Analysis into Integrity Due Diligence represents a natural evolution in corporate risk management. As acquirers seek to protect value, the ability to identify and manage cyber exposure before closing a deal is becoming increasingly relevant. Deloitte’s fully resourced and multi-disciplinary team of Cyber professionals is well-placed to assist you in understanding, identifying and mitigating potential digital risks ahead of a transaction.
For more information on how we can support you with both Digital Footprint Analysis and Integrity Due Diligence, please contact Rick Dickerson (rdickerson@deloitte.co.uk) in our Corporate Intelligence Services team.