sitemapHome | Registration | Job Portal for CA's | Expert Exchange | Currency Converter | Post Matrimonial Ads | Post Property Ads
News shortcuts: From the Courts | News Headlines | VAT (Value Added Tax) | Placements & Empanelment | Various Acts & Rules | Latest Circulars | New Forms | Forex | Auditing | Direct Tax | Customs and Excise | ICAI | Corporate Law | Markets | Students | General | Mergers and Acquisitions | Continuing Prof. Edu. | Budget Extravaganza | Transfer Pricing | GST - Goods and Services Tax
Latest Expert Exchange
« Mergers and Acquisitions »
 Department of Telecommunications set to approve Idea-Vodafone merger – all you need to know
 Deals Of The Day-Mergers And Acquisitions June 18, 2018
 Deals Of The Day-Mergers And Acquisitions June 12, 2018
 Competition Commission of India may suggest structural changes in Walmart-Flipkart deal
 What you need to know about the Government’s new M&A rules for SMEs
 The Secret to a successful M&A valuation
 How Indian IT companies are trying to survive as outsourcing business declines
 How Indian IT companies are trying to survive as outsourcing business declines
 Times Group MD against further acquisition in telecom sector; fears it will limit consumer choice
 Deals Of The Day-Mergers And Acquisitions June 5, 2018
 All that you need to know about Idea-Vodafone merger

Making cybersecurity a priority in mergers and acquisitions
August, 22nd 2016

The change inevitable in a post-deal situation makes the new company a ripe target for cyber criminals, who often capitalize on the security vulnerabilities that can arise during system implementations, lack of clarity or governance, and employees who may be anxious about losing their jobs. How does a smart, strategic CIO circle the wagons and fortify his or her data?

Last time, we looked at the importance of rigorous cybersecurity assessment during the due diligence phase of acquisitions. There we saw that preparation — getting ahead of the game — is the key to success. The same is true for integration.

How to rebuild your career after a layoff
There is life after the layoff. Take these 6 steps to engineer your own comeback.
When companies integrate, they need to reconcile all of their separate components as part of their 100-day plan for integration: not only different enterprise resource planning (ERP), human resources (HR) and other systems, but also the way security is managed in a cohesive way between the two legacy companies, including governance, processes, resources and systems. In some cases, a company will simply allow an acquisition to keep running their own systems, but this is only rarely the more practical course. To keep data safe, a buyer’s first task is almost invariably the normalization of divergent security systems.

“The watchwords of successful cybersecurity integration are organization and rationalization,” says Micky Houston, Deal Advisory’s Information Technology lead at KPMG. “This is essential not only to keep intruders at bay, but is also relevant from a cultural perspective as well. An immediate and concerted effort to normalize processes is key — you need to be able to offer executives a thoughtful, well-articulated strategy beforehand.”

That integration strategy generally involves two phases: interim integration and long-term integration. Acquisitions often occur more quickly than new security protocols evolve, so a successful integration tends to begin with a strong interim plan. Over time, as the two entities coalesce into a whole, a long-term strategy emerges.

An effective interim plan begins with a more holistic look at cyber from the perspective of the newly merged entity. This includes changes to processes, resources, technology and governance that can impact the availability or confidentiality of sensitive data. Because this is a temporary, transitionary stage, the goal is not to establish a permanent solution, but to assess cyber maturity across the newly merged organization and from that drive a prioritized approach to cyber risk management. As with other risk mitigation, higher risk and quick hit areas should be prioritized and interim controls established, including structured employee access, while a more detailed and comprehensive strategy and road map is built and actioned in parallel.

“At all times during the early stages of integration,” Houston says, “It’s vital to know who needs access to what information, and why. On one hand, employees need to be able to carry out their work; but on the other, every precaution has to be taken to make sure that neither bad actors nor carelessness result in a security breach, which can be devastating.”

Some of the key issues that need to be tackled for the long-term plan include developing a security strategy, creating a data governance system, and assigning a management team. Key to this plan includes a clear top-town message and strategy on what is to be implemented, protected and invested in so all employees are on the same page as it pertains to cyber security. And where most companies fail in this implementation is stopping at the management message. Continued training of all employees on the risks associated with data sharing, third parties and cyber protections will reinforce the new culture equipped to defend itself against bad actors.

As the integration progresses, the integration team also needs to put a targeted review in place to monitor the cybersecurity of the merged entity on an established schedule. Depending on the industry and the cybersecurity risks, the merged entity might want to develop an automated continuous monitoring system that can evaluate any risks on a real-time basis.

Due diligence should ensure that there is a plan to make sure such cybersecurity prerequisites are met from the first moment of the integration process. Integration should begin with an agile interim plan that provides the necessary access for employees and restricts data completely wherever it’s not needed.


Home | About Us | Terms and Conditions | Contact Us
Copyright 2018 CAinINDIA All Right Reserved.
Designed and Developed by Binarysoft Technologies Pvt. Ltd.
Portal Design Website Design Portal Designing Website Designing Web Design Professional Portal Design Professional Website Design Professional Web Design Portal Design India Website Design India Portal Designing India Website Designing India Web Design India Professional Portal Design India Professional Website Design India Chicago Professional Web Design New York Professional Web Design California Website Design Florida Website Design New Jersey Website Design Britain UK Website Design London Manchester Website Design

Transfer Pricing | International Taxation | Business Consulting | Corporate Compliance and Consulting | Assurance and Risk Advisory | Indirect Taxes | Direct Taxes | Transaction Advisory | Regular Compliance and Reporting | Tax Assessments | International Taxation Advisory | Capital Structuring | Withholding tax advisory | Expatriate Tax Reporting | Litigation | Badges | Club Badges | Seals | Military Insignias | Emblems | Family Crest | Software Development India | Software Development Company | SEO Company | Web Application Development | MLM Software | MLM Solutions