Cyber due diligence has moved steadily up the agenda for legal practitioners and for those involved in funding or divesting assets that may be at risk, or that may benefit from a cyber risk assessment.
According to a 2016 survey of public-company directors released by the New York Stock Exchange (NYSE) and Veracode, over 50% said a breach would significantly lower the target’s valuation, and 22% wouldn’t consider acquiring a company that had recently experienced a significant data breach.
Read our post on how to "cyberproof" your M&A.
1. Prepare a cyber security incident response plan
In the case of a cyber attack – or the belated discovery of a breach following an M&A deal – you’ll need a plan of action. An incident response plan gives you a roadmap on how to react effectively to different issues, anything from an internal breach to an external attack.

2. Rehearse the incident response plan
Rehearsing your prepared incident response plan gives individual employees and the business as a whole the chance to practise what to do.

3. Check supply chain security
Ask your suppliers about their cyber security. They need to be able to demonstrate that their own security is up to scratch as well as following any protocols you’ve put in place.

4. Cyber insurance cover
Make sure your insurance properly covers you for all the potential sources of loss and ensure your policy includes provision for expert support.

5. Invest in cyber security training
Investing in training and raising employee awareness across the business is crucial and can deliver a significant uplift in security.

6. Establish a baseline for ‘normal’
Understanding what normal activity looks like for your business will make it easier to detect any changes or suspicious activity.

7. Board-level responsibility
Making cyber security the responsibility of a specific board member helps to stop cyber-risk management slipping through the net.