Business Workshop: Mergers, purchases need cybersecurity due diligence

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.post-gazette.com/business/legal/2014/11/18/Business-Workshop-Mergers-purchases-need-cybersecurity-due-diligence/stories/201411110001


Buying or merging with a company without analyzing how it protects its
digital data could be as risky as purchasing a company without reviewing
its financials.

But surprisingly, 78 percent of global dealmakers report that cybersecurity
isn’t a part of the due diligence process before mergers and acquisitions,
according to a recent survey by law firm Freshfields Bruckhaus Deringer.

The dangers of ignoring cybersecurity when buying a company have increased
as data breaches become more common and many companies move their data
offsite to a “cloud.” In fact, 90 percent of survey respondents reported
that information about past breaches or cybersecurity weaknesses would
reduce the sales price of an acquisition.

Some questions that buyers should ask about a target company’s
cybersecurity include:

• What is the most sensitive data? Identify information, such as trade
secrets, that hackers are most likely to target.

• Who is storing the data and where? Many companies store their data using
third parties that do not take appropriate security precautions or may be
able legally to hold data hostage in the event of a dispute.

• How is data protected from hackers? Cybersecurity experts should examine
all aspects of the company’s electronic data security program.

• How is data protected from internal leaks? Rogue employees are the most
likely source of data theft. Buyers should find out which employees have
access to sensitive data, and assess the target company’s strategies to
prevent data leaks.

• Have there been past security breaches in the past and how has the
company handled it? Most companies and their advisors develop a “due
diligence checklist” as the first step in analyzing a proposed merger or
acquisition. The wise buyer of business assets will make certain that a
thorough examination of cybersecurity is part of that checklist.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!