Seeking Cyber Resiliency in 2016

by Ken Urish 8. December 2015 11:40
In the evolving cyber risk management environment, cyber security is becoming a growing priority for CFOs, risk managers and financial executives. Two recent surveys show a projected increase in emphasis on cyber security for 2016. Consulting firm Protiviti surveyed 650 CFOs and found that, while margins and earnings performance top the list of priorities for 2016, cyber security risks are the next highest priority. TD Ameritrade surveyed 300 senior finance executives and found that 41% of respondents identified data security as an area for increased capital expenditures for 2016.

With this increased emphasis, CFOs are reacting to the increased sophistication and frequency of cyber attacks, and to a better understanding of the inherent financial risks. The true cost of a cyber breach is complex. A breach of intellectual property affects not just competitiveness; it also hurts market share due to reputational damage and loss of confidence by customers. Productivity suffers during the remediation process and throughout the internal changes (system upgrades, procedural changes, etc.) that tend to be implemented following a breach. Then there is litigation expense and, in many industries, fines and fees from regulatory non-compliance.

Along with growing awareness of the true cost of a breach is the acknowledgement by many risk managers that it is "not if, but when" a breach will occur. Therefore, the focus of the increased expenditures is not just on defense, but rather on preparing for efficient breach response and containment. Investments are increasing in cyber insurance, forensic tools, and training staff in both protection and response techniques.

In short, we are seeing a shift by CFOs and risk managers to a more proactive approach to cyber risk management. The goal: a cyber resilient organization.

Do Your Diligence – Cyber Risk in Mergers & Acquisitions

by David Ritzert 10. November 2015 11:34
As M&A activity increases, so too does the need for cyber security assessments. Cyber breaches are often in the news headlines; however, many companies have been slow to adopt cyber security risk procedures as part of their due diligence process. Companies that plan growth through M&A activity should assess the cyber risk associated with their acquisition targets. The value of the target, as well as the overall enterprise, could be significantly impacted by a cyber breach.

In addition to the potential loss in market value, an acquiring company that comes under attack can experience a major disruption to its normal operations, including increased costs and management efforts being diverted to remediation and shoring up defenses, rather than to the integration efforts necessary to achieve the anticipated synergies from the transaction.

When cyber security procedures are incorporated into the due diligence process, companies can proactively understand and mitigate the potential risks of acquiring a compromised entity. If your company is involved in M&A activity and you don’t incorporate cyber security procedures into the due diligence process, you could be putting your company and the contemplated transaction at risk.
Categories: Assurance