Skip to main content

Cyber security best-practice in mergers, acquisitions and MoG changes

desk people

The Australian Cyber Security Centre (ACSC), has developed tailored advice to help organisations manage the increased cyber security risks, including when data is being migrated from one system to another. 

Businesses undergoing major organisational change, whether it be through a merger, acquisition or Machinery of Government changes, are an attractive target for cyber criminals because of significant upheaval and disruption to the normal flow of business.

Cyber criminals know that major change brings disruption, making it easier to scam staff and compromise systems with social engineering attacks such as Ransomware, business email compromise, payroll fraud and phishing campaigns.

The reality is that organisations must be prepared, well before they announce they’re entering an acquisition or merger.

Our Mergers, Acquisitions and Machinery of Government Changes publication includes information on what you should tell your staff to be wary of, including scams and bogus requests for data, payment or access from people they don’t know. 

Cyber security is a critical part of major organisational change and to manage the increased risk, organisations should focus on the following three areas:

  • minimise the accumulation and compounding of your technical debt
  • ensure your data and systems are well integrated and properly patched, supported and monitored, and
  • understand the previous operating environment and security controls which protected your data and systems to ensure appropriate and ideally equivalent, or greater, protection is afforded in the new operating environment.

For more information

Read our guidance on how organisations can prepare and respond to a cyber security incident.

Contact IDCare at if you or your colleagues have experienced identity theft.

Go to the ‘Have I been Pwned?’ website to see if email accounts have been breached.

If your organisation has been a victim of a cybercrime, go to ReportCyber and report it.

To learn more about the OAIC Notifiable Data Breaches scheme, visit the OAIC website.

To report a cyber security incident, email or call 1300 CYBER1 (1300 292 371).

July 26th, 2019