Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Due Diligence of Cyber Security Practices in M&As Crucial

Due Diligence of Cyber Security Practices in M&As CrucialIn our previous article, we cited a new report issued by PricewaterhouseCoopers (PwC), “Turnaround & Transformation in Cyber Security: Key Findings from the Global State of Information Security Survey”, and discussed the need for a company’s board of directors to play a pivotal role in cyber security. In the same report, the need for due diligence of cyber security in mergers and acquisitions was also discussed.

According to the report, as organizations continue to grow through M&As, the cyber security practices and potential liabilities of an acquisition of or merger with a target company become serious risks. Businesses that don’t incorporate cyber security assessment as part of their M&A due diligence put themselves in jeopardy of an attack. In fact, due diligence of the target company’s cyber security capabilities and risks is becoming as essential as a detailed audit of its financials, cites the report.

Think about it. Sophisticated cyber criminals may infiltrate smaller, more vulnerable companies with less secure cyber protocols and wait for them to be acquired by larger firms. Once the two company’s information systems are integrated, threat actors may attempt to gain a foothold on the networks of the acquiring firms to carry out attacks.


However, according to a survey conducted by law firm Freshfields, which was cited in the PwC report, “of the 214 global dealmakers questioned 78% of respondents believe cyber security is not analyzed in great depth or specifically quantified as part of the M&A process.” The Freshfields survey also found that 90% of respondents believe cyber breaches would result in a reduction in deal value and 83% believe a deal could be abandoned if cyber security breaches are identified during deal due diligence or mid-transaction.

Assessing Cyber Security Risks During the M&A Process

Three areas should be considered in assessing cyber security risks during the M&A process:

  • The countries in which the targeted company is headquartered and operates.
  • The organization’s industry sector.
  • The organization’s individual cyber security practices and incident history.

Operations in certain countries may carry more inherent risks than others and may also be subject to stricter privacy regulations. Also, the type of risks vary by industry. For example, healthcare, retail and financial services are top targets of cyber attacks.  

When evaluating an organization’s cyber practices, not only do you have to look at key areas of vulnerabilities and what measures are in place, but also what type of incident response and crisis management plan is in place as well as the strength and responsiveness of their Cyber Liability insurance coverage. How broad is the coverage, what type of losses are covered and what type of services does the insurer provide?
Axis Insurance Services is positioned to help you evaluate both your own Cyber Liability insurance policy and that of any potential targeted company you may be considering acquiring. Our expertise can assist you in evaluating potential risks as well as gaps in coverage that may exist and help you remedy these. Give us a call at (877) 787-5258 to speak with one of our Cyber insurance professionals.

Comments

comments

Blogged on: November 2, 2015 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions