Is cybercrime going to cause the next global economic meltdown?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.information-age.com/technology/security/123459689/cybercrime-going-cause-next-global-economic-meltdown

Last year will be remembered as a pivotal moment for cybersecurity after a
number of high profile breaches dominated the headlines. Such attacks will
obviously have a lasting impact on a company’s reputation, but the effect
that this can have on the value of a company is often overlooked. A cyber
attack could pull the proverbial rug from underneath the sustainable growth
of a business.

In our information age, a company’s expansion plans will often require the
digitalisation of certain key functions and processes to improve efficiency
and, by extension, profit. If this digitalisation occurs without an
accompanied investment in cybersecurity, the company could unknowingly open
itself up to a cyber attack at the core of business operations.

It’s difficult to put a price tag on information, and perhaps this is why
data security is often overlooked or underinvested in; however, this
doesn’t mean that data has no value. Research from the Ponemon Institute
shows that the average total cost of a data breach is $3.79 million. The
study also found that there has been a 23% increase in the total cost of a
data breach since 2013.

This increase could be explained by an increase in the value of data, but
also by an increase in the propensity for businesses to rely on digital
systems that may be vulnerable to attack. It’s therefore vital that
businesses recognise the risk of a cyber attack for the damage that it can
cause, not only to the security of key company data and systems, but also
to the integrity of their business and value as a whole.

What does this mean for the growth prospects of a business?

This risk becomes all the more salient when one considers its implications
for the future growth of the business – something that corporate investors
and private equity firms are paying increasingly close attention to.
Successful businesses often draw the attention of cyber perpetrators, and
considerations such as whether to merge with or acquire another business is
a decision that tends to come with success.

EY's Capital Confidence Barometer found that 56% of companies expect to
pursue acquisitions in the next 12 months, and if your business is to
consider taking this next step, it’s vital to have a comprehensive history
of investment in cybersecurity and data compliance.

Buyers or investors are looking for companies that show growth potential,
including the ability to expand into new markets or transform to the
digital economy. Corporate buyers and private equity firms are less likely
to want to acquire or merge with another if it poses a risk of compromising
their own security or portfolio value.

If they do choose to go ahead with the deal despite this lack of investment
in cybersecurity, it can be used as a negotiation point during the
valuation process.

In the merger and acquisition (M&A) market, performing diligence on a
target is an increasingly comprehensive process in our information age, but
simplistically it is comparable to the process of buying a used car, in the
sense that dealmakers will be more likely to purchase a model that has a
history of regular service and reliability. Investment in cybersecurity can
therefore not only prevent reputational damage and data leakage, but also
make your business more attractive to potential buyers, and thus increase
its value.

Cybersecurity in the M&A market

The M&A market in particular is a perfect hunting ground for cyber
criminals, where we see $1 trillion in deals executed by Private Equity and
Corporate businesses each year. In most deals, commercial pressures to
ensure top line growth and drive operational efficiencies over a relatively
short investment period understandably take priority.

However, rapid technological change has brought increasing cybersecurity
risks, which has now become a key issue that must be managed as a vital
part of the deal-making process. We explore these risks below and discuss
how they can be identified and mitigated at each stage of a deal.

Pre-deal

The activities leading up to transaction signing is perhaps the most
sensitive stage, due to the number of parties involved on both the
sell-side and buy-side and the multiple flows of information between these
parties, above and beyond the daily course of business.

These two factors combined with the aggressive timescales of a transaction
can create vulnerabilities that can be exploited by cyber criminals to gain
access to commercial data, intellectual property or sensitive company
information.

In order to manage this risk, companies need to ensure that they have
strong information handling procedures and governance mechanisms in place
to ensure the information shared maximises the valuation but limits
exposure. During this period of intense activity we would expect
organisations to put in place heightened security and monitoring measures
to identify suspicious activity at the earliest possible stage and protect
the individuals involved against inadvertent lapses.

Exit readiness

Cyber security threats can greatly undermine the timing and success of the
sale process. A cyber security attack leading up to exit can potentially
lead to delays in the process, risk losing reputation and value or in some
cases lead to a decision to abort the deal entirely.

In preparation for a sale or IPO, organisations should be aware of the
expectations and requirements of potential buyers and the market, and
ensure that their cyber security maturity is aligned. Incorporating a cyber
security assessment as part of the exit readiness will allow time for any
potential deficiencies to be addressed, and to identify if market and buyer
expectations have changed or are different to the status quo.

Making the right decisions

Executives and investors need to establish whether funding initiatives to
counteract the cyber threat are critical to the business’ value; examples
of this could be non-compliance with regulatory requirements, increased
threat exposure, vulnerable data required for day to day operations, or
significant value in unprotected intellectual property that is crucial to
generating the company’s revenue. Establishing the most important digital
assets which create value for a company is the first step.

This can be used to assess the appropriate level of investment and
understand the impact on value should these assets be compromised by a
cyber attack.

Cybersecurity is equally as important for companies who have yet to enter
the M&A market. If they are to achieve sustainable growth, it’s vital that
key company data, intellectual property and systems are sufficiently
protected against cyber attack to reduce the chance of reputational damage
or value leakage.

Cybersecurity is no longer just an IT risk issue, but one that executives
and entrepreneurs need to leverage to facilitate business growth and
sustain deal value.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!