Cybersecurity Due Diligence Is Critical

The 2015 security breach of major insurer Anthem, which left an estimated 80 million customer records exposed, and the compromise of the information of 157,000 customers of British firm TalkTalk, are just two out of many examples of serious high profile cyberattacks that have spurred concerns over the security of corporate information and demonstrated that every sector is vulnerable to cyber threats.

In response to the growing cybersecurity challenges facing corporate mergers and acquisitions (M&A), West Monroe Partners, a Chicago based management and technology consulting firm, recently released a report providing insight into the complexities and challenges of cybersecurity due diligence in the acquisition process.

West Monroe Partners commissioned Mergermarket, a New York based media company, to interview a number of North America-based senior M&A practitioners, including corporate executives and private equity partners.

The 28 page report, “Testing the Defenses: Cybersecurity Due Diligence in M&A,” revealed that the potential costs of cybersecurity problems are enormous. In 2015, the Identity Theft Resource Center reported 781 data breaches at companies in the United States, with the average cost of a data breach being $3.79 million, according to a survey commissioned by the International Business Machines Corporation (IBM).

Fortunately, acquirers are starting to take note. Over three-quarters of respondents said that significant data breaches and associated costs over the past two years have prompted more attention to the cybersecurity of M&A targets. For example, the practice of investigating cybersecurity practices of the other business before a key merger is becoming increasingly important for corporations.

“When a data breach lands on the front page of CNN.com or The Wall Street Journal, companies start to pay closer attention to the issue. In the last 18 to 24 months, we have really started to see the importance of cybersecurity resonate with our clients.” Said West Monroe’s Managing Director Matt Sondag.

However, more than a third of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.

The report also found that in the majority of cases, cybersecurity issues alone are not enough to cause a buyer to abandon an acquisition with 77 percent of respondents saying that they have never walked away from a deal for that reason.

The study’s findings led to five main findings:

  • Cybersecurity diligence is no longer optional.
  • Knowledgeable personnel are key.
  • Good governance trumps bells and whistles.
  • Be practical when assessing risks.
  • Remember to implement deal protections.

Good governance is a crucial aspect of a cybersecurity strategy and must include ongoing review and renewal of best practices. Even with the most cutting-edge technology, an organization without effective security governance is not equipped to protect itself against cyberattacks.
 
“In reality, it doesn’t matter how many tools you have and how good or bad they are if you’re not actively managing the use of them and constantly adjusting your security program,” said West Monroe’s Senior Data Security Architect Paul Cotter.

HSToday

 

« Easy: Hackers Take Down A Hospital
What Makes A Data Scientist? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Omerta

Omerta

Omerta is a global security technology and services company. We advise, consult, design, build, mitigate, protect, manage, provide and train to protect from increasing cyber threats.

Deep Identity

Deep Identity

Deep Identity is a boutique system integrator, with expertise in tailored identity governance & administration (IGA) and identity access management (IAM) solutions.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bradley-Morris

Bradley-Morris

Bradley-Morris is a leading recruiting firm specializing in transitioning military and veteran talent into civilian careers including Cybersecurity.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.