Corporate finance deals under threat from cyber criminals, warns government

Cyber security needs to be ‘high priority' for firms involved in M&A activity

Companies engaged in mergers and acquisition, IPOs, buy-outs and in bidding for major contracts need to beef up their cyber defences the government has warned.

The 'Cyber Security in Corporate Finance' report published by the government and the Institute of Chartered Accountants in England and Wales (ICAEW) offers security advice to the various companies involved in buyouts, IPOs and mergers and acquisitions, a market worth £216.8 billion in 2013.

The publication aims to raise awareness of the issues faced by the various law firms, advisers, investment banks, and businesses which create multiple flows of data during finance deals that can be exploited by cyber criminals.

"Corporate finance transactions are potentially attractive sources of information to a range of parties: commercial data, IP information and sensitive client data may all be involved," said Business, Innovation & Skills (BIS) minister David Willetts.

"All businesses involved in corporate finance need therefore to be aware of these cyber-risks, and of what they can do to help protect their data, their clients and their reputation."

The report makes a number of suggestions for companies, such as keeping certain information 'offline', asking which information security standards - if any - the other parties comply with, and limiting the number of receiving sensitive information.

Organised crime networks, hactivists, employees, competitors and individuals seeking to sell on confidential data are among those which pose a threat, the report states.

A number of cases are highlighted where businesses have had their systems compromised through a range of methods, from spear phishing and theft of personal devices.

One case involved an unnamed energy company which discovered that a key employee had their computer infected with malware while involved in bidding for a high value project against multiple international competitors. The company was forced to strengthen security systems after it was realised that its negotiating position had been compromised.

Martin Tyley, director and head of information protection at KPMG, which had input into the report, commented on its publication:

"It's vital to recognise that cyber security isn't about adopting an inward-looking approach and thinking you are safe," said Tyley. "The potential reputational risk of a breach for clients, suppliers, customers and the markets mean that cyber security should not be viewed as the domain of the IT room, but as everyone's business."

The guidelines follow the launch of the government's 'Cyber Streetwise' campaign, which aims to help improve awareness of security issues among smaller businesses.

The financial sector as a whole is increasingly the target of cyber criminals, with the Bank of England recently revealing that several UK financial institutions have been victims of cyber attacks in the past year.

Last year the Bank of England oversaw a cyber threat exercise called Operation Walking Shark 2, aimed at testing the resilience of systems against cyber attacks, with a focus investment bank operations.

Tags security

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Continuity Management Solutions

Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.