Waving the ‘red flag’ for cyber security

Updated: Oct 8, 2019

Stephanie Stone said it best in Forbes magazine when she declared “Every company is a technology company” (Forbes 2017). As technology now underpins every organisation, every organisation is now vulnerable to a cyber-attack. Taking this statement as a fact in this digital age, then during M&A it isn’t just a product that needs assessing from a cyber security point of view, it is the target organisation in its entirety.

We recognise that full cyber security audits and continuous monitoring of organisations aren’t always feasible in the fast-paced and dynamic investment arena. Therefore, CYSIAM recommends a minimum set of questions and activities for ‘red flag’ that achieve maximum impact in a short time-bound work package.

Key questions to answer

  • Is the target already breached and / or vulnerable to attack?

  • Does the target recognise and mitigate the risk of cyber-attacks?

  • Is there a risk of the target incurring legal penalties or prosecution as the result of a cyber-attack?

  • Is the target contractually liable for 3rd party cyber security risks?

Minimum recommended approach

In addition to seeking insurance advice we recommend, as a minimum, the following cyber security due diligence for every investment.

  • Vulnerability scanning of internal networks, web-facing applications and critical assets.

  • Review of policies and evidence of implementation.

  • Compliance checks against relevant legal and common framework requirements.

  • Review of key customer and supplier contracts and their technical access to the target.

If you are interested in discussing your current approach to cyber security, either within the due diligence process or as part of a current portfolio, then please contact us here.

#cybersecurity #duediligence #redflag #cysiam

CYSIAM Limited,

The Mansion,

Bletchley Park,

Sherwood Drive,

Bletchley, Milton Keynes,

United Kingdom, MK3 6EB.

Company number: 11422969

VAT number: 302931729

Our focus is on delivering the benefits, and managing the risks, inherent in the use of modern digitally connected technologies.  We contribute to national security and economic prosperity by enabling sustainable resilience against credible threats, both malicious and accidental, at all levels of society.

  • YouTube
  • LinkedIn Social Icon
  • Twitter Social Icon

© 2019 Copyright Cysiam Limited. All rights reserved. Privacy Policy. Terms & Conditions.