How can you discover if an investment target is one keystroke away from a major cyber incident or data breach? How can you determine that an attacker isn’t already lurking in their network? Cyber due diligence conducted prior to investment can help identify actual or potential cyber security lapses, areas that may be at risk, quantify remediation costs and help restructure an investment should substandard cyber security systems data or latent breaches be discovered.
Tim Ryan, Kroll’s Cyber Investigations Practice Leader launched into a recent webinar discussing the significance of Due Diligence prior to any transaction.
Cyber due diligence is defined further by Tim Ryan as, “the review of the governance, processes and controls that are used to secure information assets.” He goes on, “Many in the field understand that this is not merely a technical issue, that governance plays a very large role in IT security and enterprises today.”
In the webinar, the former FBI agent, lawyer and professor stressed the basic importance of cyber due diligence in your potential M&A transaction by asking simple questions from a qualitative and quantitative view point. Inquiring about pre-transaction testing of current software and systems running in an enterprise can uncover known malware, suspected malware, vulnerable or outdated software, and unrestricted use of dangerous tools often co-opted by hackers.
“We understand due diligence in the regular acquisition and merger process that normally goes on the marketplace. Cyber though, should be an added step because it’s a risk, like any other risk, that may devalue the deal” The benefit to investors in being able to quantify any potential cyber remediation costs, as well as the benefit to sellers being able to strengthen their attractiveness to investors makes cyber due diligence a necessary step in your acquisition or sales process. Ryan stressed further that sellers need to remember that latent cyber issues or shortfalls can appear at crucial times during a sale, “Even if you’re not required to do it right now, in the next eighteen months they are going to be required to do it, so you might as well take this problem off the board right now.”
The forty-minute webinar details the intrusion methodology used by sophisticated attackers and gives viewers an understanding of the nature of intrusions and the potential pervasiveness within an enterprise. If you are approaching a merger, acquisition or basic need to know what to address in your negotiation, the simple questions and thoughts addressed by Ryan shed light on the costly risks of a lacking cyber due diligence component.
Access the free, on demand webinar on Kroll.com