Cybersecurity Due Diligence Is Critical

Uploaded on 2016-08-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The 2015 security breach of major insurer Anthem, which left an estimated 80 million customer records exposed, and the compromise of the information of 157,000 customers of British firm TalkTalk, are just two out of many examples of serious high profile cyberattacks that have spurred concerns over the security of corporate information and demonstrated that every sector is vulnerable to cyber threats.

In response to the growing cybersecurity challenges facing corporate mergers and acquisitions (M&A), West Monroe Partners, a Chicago based management and technology consulting firm, recently released a report providing insight into the complexities and challenges of cybersecurity due diligence in the acquisition process.

West Monroe Partners commissioned Mergermarket, a New York based media company, to interview a number of North America-based senior M&A practitioners, including corporate executives and private equity partners.

The 28 page report, “Testing the Defenses: Cybersecurity Due Diligence in M&A,” revealed that the potential costs of cybersecurity problems are enormous. In 2015, the Identity Theft Resource Center reported 781 data breaches at companies in the United States, with the average cost of a data breach being $3.79 million, according to a survey commissioned by the International Business Machines Corporation (IBM).

Fortunately, acquirers are starting to take note. Over three-quarters of respondents said that significant data breaches and associated costs over the past two years have prompted more attention to the cybersecurity of M&A targets. For example, the practice of investigating cybersecurity practices of the other business before a key merger is becoming increasingly important for corporations.

“When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue. In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients.” Said West Monroe’s Managing Director Matt Sondag.

However, more than a third of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.

The report also found that in the majority of cases, cybersecurity issues alone are not enough to cause a buyer to abandon an acquisition with 77 percent of respondents saying that they have never walked away from a deal for that reason.

The study’s findings led to five main findings:

  • Cybersecurity diligence is no longer optional.
  • Knowledgeable personnel are key.
  • Good governance trumps bells and whistles.
  • Be practical when assessing risks.
  • Remember to implement deal protections.

Good governance is a crucial aspect of a cybersecurity strategy and must include ongoing review and renewal of best practices. Even with the most cutting-edge technology, an organization without effective security governance is not equipped to protect itself against cyberattacks.
 
“In reality, it doesn’t matter how many tools you have and how good or bad they are if you’re not actively managing the use of them and constantly adjusting your security program,” said West Monroe’s Senior Data Security Architect Paul Cotter.

HSToday

 

« Easy: Hackers Take Down A Hospital
What Makes A Data Scientist? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

SQA Service

SQA Service

SQA Service provide independent software and process Quality Assurance services.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

HaystackID

HaystackID

HaystackID provides industry-leading computer forensics, eDiscovery, and attorney document review experts to help with complex, data-intensive investigations and litigation.

ESProfiler

ESProfiler

Enterprise Security Profiler. Empowering CISOs with clarity & confidence in their security programme by visualising capabilities, usage and spend against their key threat priorities.

Noma Security

Noma Security

Noma Security's mission is Application Security for the Entire Data & AI Lifecycle.