We’ve always talked about the business value cybersecurity holds for companies, but many business executives continue to have their doubts on this aspect. The doubts arise from various areas, but they can all link back to the fact that executives won’t believe it until they are hit by breach or denied a deal because of poor cybersecurity hygiene. It isn’t a criticism, for us within the industry it makes sense due to a business executive not being in the know on cybersecurity. After all, they’re busy running and operating a business.
However, instead of waiting for businesses to get hit by breach; today, we want to try and make the business value that comes with cybersecurity more tangible for those of you who are seeking to find a tangible way to present cybersecurity to your CEO or for a CEO who is somewhat conscientious on the importance of cybersecurity and therefore, is looking for some clear answers.
A survey by Forescout shows that 53% of IT and business decision makers report their organization has encountered a critical cybersecurity issue or incident during a mergers and acquisitions (M&A) deal that put the deal into jeopardy. The study also showed that after a deal was made and cybersecurity concerns were discovered, 65% experienced buyers’ remorse.
Buyers’ remorse brought up an important concern for the future of M&A, the need of conducting a cyber assessment during the negotiations and/or integration process. Nobody wants to acquire a company that doesn’t have a solid cybersecurity posture and therefore is a potential trojan horse by being at risk of breach.
Cybersecurity assessments are important for any business, since everyone faces the potential of a breach and a number of cyber risks in the digital era; and it’s not only because of the value that the business gains. It’s also about staying in business and ensuring one keeps employees and customers protected. Not to mention that it’s not automatic for any of a business’ IT assets to be secure from threats, there are multiple vulnerabilities that come into play with each technological advancement or update that takes place in time. The complete visibility of all connected devices and knowing if they are patched correctly, configured appropriately, free of malware and backdoors of any kind, requires a consistent cybersecurity oversight. These eyes to your IT assets security is available only if you conduct cybersecurity assessments regularly.
Some other important findings worth noting from the study are:
- Only 36% of businesses strongly agree that their IT team is given adequate time to review a targets’ cybersecurity standards, processes, and protocols before completing acquisition.
- 81% of IT decision makers (ITDMs) and business decision makers (BDMs) agree that they are putting more focus on an acquisition target’s cybersecurity posture than in the past, which makes a business’ cybersecurity posture a top priority.
- Connected devices and human error put organizations at risk – 51% of ITDMs and BDMs find that human error and configuration weakness put a business at risk during the IT process and 50% find connected devices do too. 53% of ITDMs find unaccounted devices, including IoT and OT devices, after completing the integration of a new acquisition.
- 53% of survey respondents report encountering a critical cybersecurity issue or incident during an M&A deal that put the deal into jeopardy; and 73% agree that a company with an undisclosed data breach is an immediate deal breaker in their company’s M&A strategy.
- Last, but not least, only 37% of ITDMs strongly agree that their IT team has the skills necessary to conduct a cybersecurity assessment for an acquisition. Because of a lack of resources, businesses must allocate outside sources to their cybersecurity assessments and/or may not be able to complete a robust assessment.
Even though this study is focused on M&A, the findings are indicative to the value of one’s cybersecurity posture in relation to the worth of their business, as well as the likelihood of a successful M&A deal; the importance of conducting cybersecurity assessments (which we’re always talking about, here’s one of our latest blog posts on the topic: Conducting a security assessment); and the cybersecurity skills gap (due to lack of resources, time and necessary experience) that perpetuates the vulnerabilities that put businesses at risk.
As always, we’re here to help get you on track with anything cybersecurity related.
We’re so committed that recently we added a new offering for SMBs, MyCSO Cybersecurity Training, which gives any small business the opportunity to significantly reduce their cyber risk for free with three simple steps (here’s the link: https://training.ncxgroup.com/free/ if you want to check it out). We also have an option that allows you to complete an online cyber risk assessment to determine where your business is most at risk (here’s the link if you want to check it out: https://training.ncxgroup.com/lite/).
And if you want to talk to someone, you always have the option to schedule a call with us, it’s free!
Schedule your free cybersecurity consultation by clicking here.
Photo courtesy of wutzkohphoto