Mergers and acquisitions are used to expand a company's market share and increase profitability. When assessing a target, acquiring companies dedicate time and resources to assessing the target's value, but frequently do not consider the target's cyber risk. As a result, cyber incidents frequently occur both during and after an acquisition deal. These results in millions in lost revenue and breaches affecting millions of customers. This paper address how research can be conducted to calculate a company's cyber risk without the benefits of internal visibility.