Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Mergers and Acquisitions »
Open DEMAT Account in 24 hrs
 Govt may further sweeten Air India offer
 How India is becoming an unlikely Asian hotspot for mergers & acquisitions
 Notification No. 05/2020-Customs (ADD) Ministry Of Finance
 Deals of the day-Mergers and acquisitions March 6, 2020
 Deals of the day-Mergers and acquisitions March 2, 2020
 Mint Investment Summit - M&A in India: Challenges and opportunities
 Record Year 2019: Fintech Deals, Mergers and Acquisitions Study
 Deals of the day-Mergers and acquisitions February 28, 2020
 Deals of the day-Mergers and acquisitions February 4, 2020
 The mergers and acquisitions perspective
 Deals of the day-Mergers and acquisitions January 6, 2020

Making cybersecurity a priority in mergers and acquisitions
August, 22nd 2016

The change inevitable in a post-deal situation makes the new company a ripe target for cyber criminals, who often capitalize on the security vulnerabilities that can arise during system implementations, lack of clarity or governance, and employees who may be anxious about losing their jobs. How does a smart, strategic CIO circle the wagons and fortify his or her data?

Last time, we looked at the importance of rigorous cybersecurity assessment during the due diligence phase of acquisitions. There we saw that preparation — getting ahead of the game — is the key to success. The same is true for integration.

rebuiding
How to rebuild your career after a layoff
There is life after the layoff. Take these 6 steps to engineer your own comeback.
READ NOW
When companies integrate, they need to reconcile all of their separate components as part of their 100-day plan for integration: not only different enterprise resource planning (ERP), human resources (HR) and other systems, but also the way security is managed in a cohesive way between the two legacy companies, including governance, processes, resources and systems. In some cases, a company will simply allow an acquisition to keep running their own systems, but this is only rarely the more practical course. To keep data safe, a buyer’s first task is almost invariably the normalization of divergent security systems.

“The watchwords of successful cybersecurity integration are organization and rationalization,” says Micky Houston, Deal Advisory’s Information Technology lead at KPMG. “This is essential not only to keep intruders at bay, but is also relevant from a cultural perspective as well. An immediate and concerted effort to normalize processes is key — you need to be able to offer executives a thoughtful, well-articulated strategy beforehand.”

That integration strategy generally involves two phases: interim integration and long-term integration. Acquisitions often occur more quickly than new security protocols evolve, so a successful integration tends to begin with a strong interim plan. Over time, as the two entities coalesce into a whole, a long-term strategy emerges.

An effective interim plan begins with a more holistic look at cyber from the perspective of the newly merged entity. This includes changes to processes, resources, technology and governance that can impact the availability or confidentiality of sensitive data. Because this is a temporary, transitionary stage, the goal is not to establish a permanent solution, but to assess cyber maturity across the newly merged organization and from that drive a prioritized approach to cyber risk management. As with other risk mitigation, higher risk and quick hit areas should be prioritized and interim controls established, including structured employee access, while a more detailed and comprehensive strategy and road map is built and actioned in parallel.

“At all times during the early stages of integration,” Houston says, “It’s vital to know who needs access to what information, and why. On one hand, employees need to be able to carry out their work; but on the other, every precaution has to be taken to make sure that neither bad actors nor carelessness result in a security breach, which can be devastating.”

Some of the key issues that need to be tackled for the long-term plan include developing a security strategy, creating a data governance system, and assigning a management team. Key to this plan includes a clear top-town message and strategy on what is to be implemented, protected and invested in so all employees are on the same page as it pertains to cyber security. And where most companies fail in this implementation is stopping at the management message. Continued training of all employees on the risks associated with data sharing, third parties and cyber protections will reinforce the new culture equipped to defend itself against bad actors.

As the integration progresses, the integration team also needs to put a targeted review in place to monitor the cybersecurity of the merged entity on an established schedule. Depending on the industry and the cybersecurity risks, the merged entity might want to develop an automated continuous monitoring system that can evaluate any risks on a real-time basis.

Due diligence should ensure that there is a plan to make sure such cybersecurity prerequisites are met from the first moment of the integration process. Integration should begin with an agile interim plan that provides the necessary access for employees and restricts data completely wherever it’s not needed.

 

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting