The impact of COVID-19 on the business world will force irreversible changes to business models and, in such situations, pursuing an inorganic growth strategy will be of prime importance, according to Deloitte.
To this end, merger and acquisition (M&A) activity is expected to increase in the second half of the year, particularly as companies that have come through the crisis in good shape look for opportunities to take over competitors or suppliers that may be struggling to survive.
In this context, it is useful to consider the potential benefits and risks cyber security presents amid M&A activity. Both acquisitions and de-mergers present companies with an opportunity to revisit their cyber security landscape. Separation from Barclays gave Absa the opportunity to build a converged security office from the ground up.
Companies can elect to either go with the same, or better, frameworks, but should view this is as an opportunity to improve their overall security posture. Cyber security should be used as an enablement of the business strategy.
In corporate mergers or de-mergers, it is critical to understand where the relevant entity’s data is located, to identify those who are authorised to access the data, and to assess the ways in which data is accessed. Vulnerabilities also need to be examined.
In merger and de-merger scenarios, it is important that cyber security has a seat at the table from the outset.
In the case of a horizontal merger (such as acquiring a competitor), this may be easier than in the case of a vertical merger (such as acquiring a supplier) because the threat landscapes may be substantially different.
Another key factor is understanding the breadth and depth of the work to be undertaken in a merger or de-merger − how many endpoints, workstations, servers and associated hardware points need to be taken into consideration. In the absence of knowledge of assets, the assets cannot be protected.
Once these factors are considered, companies have an opportunity to improve their overall cyber security environment, even if time and budget are limited. It all comes down to the risk appetite of the organisation.
Thanks to cloud technology, what would previously have taken years can now be done in mere weeks or days. Consider the complexity of having a server rack and associated kit installed at numerous sites. Choosing the appropriate cloud strategy means that implementation, regardless of geographic location, can be done quickly and efficiently.
In merger and de-merger scenarios, it is important that cyber security has a seat at the table from the outset.
The Marriott chain bought Starwood Hotels in 2018 and subsequently announced the Starwood guest reservation database − which reportedly contained up to 500 million accounts − had been compromised, with hacking potentially going on for several years.
If the aquiror had known about the breach – and if cyber security specialists had been consulted during the negotiations stage – there may have been a substantial discount to the acquisition value, and the breach may have been managed better subsequent to it having been discovered by the acquiror.
Cyber security is not just an IT issue that exists in a silo, it is an enterprise-wide risk that must be managed as such. It can and must provide business value and, as mentioned, can significantly enable the business to achieve its goals effectively and securely.
Share