Failing to consider cybersecurity when it comes to engaging in an M&A deal, as Winzer puts it, is like driving blind without glasses. “You can easily be attacked and become a victim of computer attackers, and when that happens that is at risk of business operations, being able to run the company in the most profitable way possible, but also be disrupted and lose money,” he explains. “It can also have a direct impact on occupational health and safety. For example, depending on the type of organization and industry, if it’s the health care industry, it can have an impact on patients and people who need critical support.”
What areas should CISOs look for during the M&A process?
There are several cybersecurity risks that M&As present to CISOs. Experts from major consulting firms have shared some of the key things CISOs should be aware of and ensure their CEOs and boards are on top of before the process begins. This includes ensuring that technology and governance are up-to-date, reviewing all third-party agreements and services to ensure they meet the necessary cyber security requirements, being aware of cybercriminals’ opportunities, and being aware of potential attackers.
Technology and governance may not be in place
The obvious risk, according to CyberCX financial services Shameela Gonzalez, is when two companies try to combine two different technology stacks. “It’s really important to understand what risks can be created by merging and integrating those, and how you make sure that the coverage you had as an independent organization is maintained when you integrate the new technology stack. ,” he says, pointing out that one company may have a better online presence than another.
Source link