Cybersecurity Due Diligence Is Critical

The 2015 security breach of major insurer Anthem, which left an estimated 80 million customer records exposed, and the compromise of the information of 157,000 customers of British firm TalkTalk are just two of many serious, high-profile cyberattacks that have spurred concerns over the security of corporate information and demonstrated that every sector is vulnerable to cyber threats.

In response to the growing cybersecurity challenges facing corporate mergers and acquisitions (M&A), West Monroe Partners, a Chicago-based management and technology consulting firm, recently released a report providing insight into the complexities and challenges of cybersecurity due diligence in the acquisition process.

West Monroe Partners commissioned Mergermarket, a New York-based media company, to interview a number of North America-based senior M&A practitioners, including corporate executives and private equity partners.

The 28-page report, “Testing the Defenses: Cybersecurity Due Diligence in M&A,” revealed that the potential costs of cybersecurity problems are enormous. In 2015, the Identity Theft Resource Center reported 781 data breaches at companies in the United States, with the average cost of a data breach being $3.79 million, according to a survey commissioned by the International Business Machines Corporation (IBM).

Fortunately, acquirers are starting to take note. Over three-quarters of respondents said that significant data breaches and associated costs over the past two years have prompted more attention to the cybersecurity of M&A targets. For example, investigating the other business's cybersecurity practices before a key merger is becoming increasingly important for corporations.

“When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue. In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients,” said West Monroe’s Managing Director Matt Sondag.

However, more than a third of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.

The report also found that in the majority of cases, cybersecurity issues alone are not enough to cause a buyer to abandon an acquisition, with 77 percent of respondents saying that they have never walked away from a deal for that reason.

The study produced five main findings:

  • Cybersecurity diligence is no longer optional.
  • Knowledgeable personnel are key.
  • Good governance trumps bells and whistles.
  • Be practical when assessing risks.
  • Remember to implement deal protections.

Good governance is a crucial aspect of a cybersecurity strategy and must include ongoing review and renewal of best practices. Even with the most cutting-edge technology, an organization without effective security governance is not equipped to protect itself against cyberattacks.
 
“In reality, it doesn’t matter how many tools you have and how good or bad they are if you’re not actively managing the use of them and constantly adjusting your security program,” said West Monroe’s Senior Data Security Architect Paul Cotter.

HSToday

 
