Manufacturing is Risky Business

by Chris Talipsky 1. July 2016 09:26
Financial services, healthcare, and retail industry cybersecurity issues have been attracting the most headlines, but these are not the only industries facing significant cybersecurity attacks and breaches. In what may be a surprise to many people, manufacturing was the 2nd most targeted industry in 2015, according to IBM, behind only financial services. Indeed, the more manufacturing processes and infrastructure integrate technology, the more open they become to cyber attacks. And though manufacturing breaches may have flown under the radar for the general public, manufacturers are becoming increasingly aware of the looming cyber threat. In a recent manufacturing risk survey commissioned by BDO, 92% of manufacturers cite cybersecurity concerns, a 44% increase from 2013. According to Shahryar Shaghaghi, National Leader, Technology and Advisory Services at BDO, “all it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure.” This vulnerability is illustrated by another finding of the survey: only 8% of manufacturers felt capable of preventing a breach. As a result, cyber risk management strategies are increasingly focused on response and resiliency, not just on prevention.

Cyber Security is Driving Board Engagement with Internal Audit

by David Ritzert 10. March 2016 12:14
Almost three out of four companies are now including cyber security risks in their internal audit plans, according to a survey of more than 1,300 IA professionals just released by Protiviti. This is an increase of 20% year over year, and stands in contrast to the findings reported in the Institute of Internal Auditors 2016 North American Pulse of Internal Audit, which concluded that internal audit leaders lack confidence in their staff’s cyber security capabilities (see our related blog). Suppliers and business partners are increasingly engaged with the issue as well. More than half of the survey respondents reported receiving inquiries from clients, insurance vendors, and customers about their cyber security posture. An important byproduct of cyber security risk becoming a fixture in the annual audit plan is that it is driving more Board engagement with the process. The Protiviti survey provided these important takeaways: in order to implement and maintain an effective cyber security plan, an organization must have a high level of engagement by its board of directors regarding information security risks, and it should also include an evaluation of cyber security risk in its current audit plan. Having directors more engaged with the internal audit process will provide further support for IA professionals as they seek to integrate increased cyber security measures into the overall enterprise risk management plan. This is a very positive trend.

Do Your Diligence – Cyber Risk in Mergers & Acquisitions

by David Ritzert 10. November 2015 11:34
As M&A activity increases, so too does the need for cyber security assessments. Cyber breaches are often in the news headlines; however, many companies have been slow to adopt cyber security risk procedures as part of their due diligence process. Companies that plan growth through M&A activity should assess the cyber risk associated with their acquisition targets. The value of the target, as well as the overall enterprise, could be significantly impacted by a cyber breach. In addition to the potential loss in market value, an acquiring company that comes under attack can experience a major disruption to its normal operations, including increased costs and management efforts being diverted to remediation and shoring up defenses, rather than the integration efforts necessary to achieve the anticipated synergies from the transaction. When cyber security procedures are incorporated into the due diligence process, companies can proactively understand and mitigate the potential risks of acquiring a compromised entity. If your company is involved in M&A activity and you don’t incorporate cyber security procedures into the due diligence process, you could be putting your company and the contemplated transaction at risk.
Categories: Assurance