As regulators continue to propose new rules and speak publicly about expanding enforcement, the risks associated with mergers and acquisitions are on the rise. A lack of satisfactory due diligence often results in the onboarding of not only a new asset but also legacy security risks and ongoing security incidents. Not only does this result in a slower integration of assets, but it also increases the costs associated with M&A and has the potential to reduce expected gains. Additionally, this is likely to become a new avenue for regulatory enforcement as policy and technical mitigations become a larger part of the purview of regulators.