Amid global cyberattacks and ransomware plagues, cyber security continues to be a hot topic in the financial world, as evidenced by the caution industry practitioners preached at the Alliance of Mergers & Acquisition Advisors (AM&AA) conference in Chicago this week.
In one of Wednesday’s opening panels, Steve Shapiro, a cyber attorney at Culhane law firm, and Jesus Gonzalez, a security director at AON, spoke about the need for a comprehensive approach to guard against the ever-present threat of hacking and malicious attacks on company networks, servers and the like.
Shapiro highlighted the importance of protecting data in the due diligence process, noting it is important on both the buy side and sell side of the transaction.
Gonzalez noted that the company on the sales block could suffer if an attack comes during the due diligence phase of a transaction. He cited the example of Yahoo revealing a massive hack that resulted in Verizon – which will purchase Yahoo’s core Internet business – knocking $350 million off the transaction value.
The growing presence of cloud computing and cloud storage was addressed by the speakers. Moderator Hugh Smith of advisory firm BrookWeiner recommended businesses select a cloud provider with the care that parents would use when picking daycare for their child.
Developing an effective response plan includes initially taking stock of your information technology assets and the policies and procedures already in place, the panellists said.
Businesses should consider the vulnerability of mobile devices, including smartphones and tablets, and seek the guidance of experts in developing an effective plan to address such an attack. A failure to prepare adequately can have economic consequences as those companies with weaker software and defenses may have lower valuations, the panellists explained.
Cybersecurity and privacy were also discussed at April’s InterGrowth conference put on by the Association for Corporate Growth.
Mary Ellen Callahan, a current partner at Jenner & Block law firm, discussed the pending European General Data Protection Regulation (GDPR), a robust set of protections that could be a boon to EU citizens and pose a challenge for some businesses that can face a penalty if they violate the statutes.
Callahan suggested that when investing in businesses that have operations in Europe, one of the key questions should be: how do you plan to deal with GDPR? That question, she said, should be asked when investing in business-to-business service providers as well as consumer-facing businesses.
The AM&AA conference discussion over cyber security came after the WannaCry ransomware attack crippled companies in over 150 countries, which showed how vulnerable many institutions are to cyber incidents.