A circle of trust is not enough to ensure cyber resilience


By Heath Davies, Chief Executive.

The recent launch of the government-backed ‘Cyber-security in Corporate Finance’ guide, created by a taskforce of UK professional organizations, shines a spotlight on the real and ongoing threat of cyber-crime and data breaches within the corporate finance sector. Spearheaded by the ICAEW, it is the latest in a line of public initiatives to reduce cyber-related financial, reputational and legal risks to business and corporate finance transactions. It adds further weight to the argument that critical information protection should be integral to a business on a daily basis, and should be a priority element of the due diligence process.

Many businesses, though seemingly aware of the many daily security risks to their infrastructure, still do not have adequate protection in place to safeguard their critical information and value assets at a highly sensitive time, when their protection is even more critical.

We’ve talked before about understanding the weak link in a value chain; our SVP of Product, Dr Guy Bunker, explained the relevance of this in the government’s exercise to test the cyber security readiness of financial institutions (Operation Waking Shark 2). To ensure that a company is robust enough to sustain any kind of cyber-attack, the weakest links need to be identified across an organization on a regular basis. As the recent article in Financial Director explains, it is the trustworthiness of the “inner circle’s” cyber security that needs to be evaluated, and it is for this reason that “an increasing number of corporates are reviewing the cyber resilience of their external advisors in an attempt to identify weak links”.

The security of your company can determine its value

Cyber security breaches can lead to devastating losses, both reputational and financial, for companies across all sectors: from loss of valuable data during an M&A, to loss of clients (through fear of cyber security risks), to the potential for large fines from the ICO for failure to adhere to data protection regulation. These are all factors that can have a serious and direct impact on the company’s future and valuation. Regardless of the company’s industry, technology systems and networks, email communications and online presence will be a fundamental part of it, and these all need to be secure and protected from any form of attack or breach.

When considering an M&A or corporate finance transaction, cyber audits should play an equal part to the standard financial audits, and it’s imperative to conduct the same level of detailed analysis before even considering entering negotiations. Knowledge is power and businesses need to be 100% certain of where critical information is 100% of the time.