BreachExchange mailing list archives
Business Workshop: Mergers, purchases need cybersecurity due diligence
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 18 Nov 2014 19:03:10 -0700
http://www.post-gazette.com/business/legal/2014/11/18/Business-Workshop-Mergers-purchases-need-cybersecurity-due-diligence/stories/201411110001 Buying or merging with a company without analyzing how it protects its digital data could be as risky as purchasing a company without reviewing its financials. But surprisingly, 78 percent of global dealmakers report that cybersecurity isn’t a part of the due diligence process before mergers and acquisitions, according to a recent survey by law firm Freshfields Bruckhaus Deringer. The dangers of ignoring cybersecurity when buying a company have increased as data breaches become more common and many companies move their data offsite to a “cloud.” In fact, 90 percent of survey respondents reported that information about past breaches or cybersecurity weaknesses would reduce the sales price of an acquisition. Some questions that buyers should ask about a target company’s cybersecurity include: • What is the most sensitive data? Identify information, such as trade secrets, that hackers are most likely to target. • Who is storing the data and where? Many companies store their data using third parties that do not take appropriate security precautions or may be able legally to hold data hostage in the event of a dispute. • How is data protected from hackers? Cybersecurity experts should examine all aspects of the company’s electronic data security program. • How is data protected from internal leaks? Rogue employees are the most likely source of data theft. Buyers should find out which employees have access to sensitive data, and assess the target company’s strategies to prevent data leaks. • Have there been past security breaches in the past and how has the company handled it? Most companies and their advisors develop a “due diligence checklist” as the first step in analyzing a proposed merger or acquisition. The wise buyer of business assets will make certain that a thorough examination of cybersecurity is part of that checklist.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Business Workshop: Mergers, purchases need cybersecurity due diligence Audrey McNeil (Nov 26)