In every industry, cybersecurity weaknesses represent a significant threat to the operations, reputation and the bottom line of all companies, whatever their size and wherever their location. Poor cybersecurity at any company creates tremendous risk for any suitor who buys that company, merges with that company, partners with that company or hires that company as a vendor. The mantra underlying cybersecurity due diligence concerns is simple: No matter what the terms, when adding, partnering or working with another enterprise, a company is taking on that company’s data troubles and attendant data risks. Read my recent Compliance Week column to learn about the new imperative of cybersecurity due diligence (a precursor to my forthcoming ebook entitled, “Cybersecurity Due Diligence Handbook”). Here is an excerpt:
“Data security concerns are not the only reason it should be standard practice for due diligence deal teams to embed cyber-security subject matter experts with the more traditional business, legal, and technical workflow of due diligence exercises. There is an even more important purpose: to gauge overall corporate health and hygiene.
When a cyber-security due diligence team finds problems and weaknesses, it is more than just a red flag indicating cyber-attack risks; it also evidences a distracted and detached C-suite and perhaps even an inattentive board of directors. And the reverse rings equally true. Like the pre-med student who aces organic chemistry, any company earning high cyber-security grades is a rarity; probably grades high in every other subject; probably has the intelligence, fortitude, and grit to overcome and thrive amid any future challenge; and probably makes for a strong future and dynamic partner.
Take heed from the adage, “If you want success, you should start with your health,” because in today’s world of cyber-attacks and state-sponsored virtual terrorism, “If corporations want success, they should start with their cyber-security.”