David Willetts, Minister for Universities and Science, has launched a new guide giving practical advice to the corporate finance sector, with Government and industry backing. The guide urges companies to make cyber-security a higher priority during transactions.
Corporate finance – including mergers and acquisitions (M&A), buyouts, venture capital and IPOs – is a major area. UK-related M&A deals were worth a total of £216.8bn1 in 2013. But companies undertaking such deals need to make cyber security a priority, the Government suggests. In one recent case following an M&A deal, a FTSE 350 company suffered a sustained compromise of sensitive data, owing to the acquired company’s poor network security practice.
The guide comes from a task-force of a dozen UK professional bodies, associations and professional services firms set up last year. The cyber security threat comes from organised crime networks, nation states, ‘hacktivists’ and staff or contractors. The guide, Cyber Security in Corporate Finance, outlines steps all businesses can take to manage the cyber security threat throughout the corporate finance process.
David Willetts MP, who launched the report at Chartered Accountants’ Hall in London, said: “We want to make the UK one of the most secure places in the world to do business online. This guidance will help companies that deal with very sensitive data to be more aware of the risks. It will help them to protect themselves and their customers from online criminals. It will allow the corporate finance sector to make the most of the opportunities that cyberspace can offer, helping the UK get ahead in the global race.”
Michael Izza, ICAEW’s Chief Executive, said: “It’s very important to guard against over-confidence within circles of trust and to question whether all information should be shared with all parties during a corporate finance transaction. A weak link in the security of any of the parties can easily be exploited. This guide will help companies to transact securely and provide additional assurance to their shareholders and stakeholders.”
Cyber-crime is estimated to cost UK businesses several billion pounds per year. Supported in its work by the Government through its National Cyber Security Programme, the ICAEW convened the Taskforce, which includes representatives of ICAEW’s Corporate Finance Faculty, Association of Corporate Treasurers, Association for Financial Markets in Europe, the British Private Equity & Venture Capital Association, Law Society, London Stock Exchange, the Takeover Panel, and audit firms Deloitte, EY, KPMG and PwC. The CBI is also supporting the initiative.
About cyber security
Cyber security, the process of protecting commercially sensitive information, data and intellectual property is a vital issue for all companies, advisers, investors, regulators and other stakeholders. Understanding, anticipating and managing risks is crucial for all company directors and advisers; it is not an issue to be dealt with only by IT and technical specialists, the guide authors stress.
Corporate finance, as defined by the task-force, covers a range of activities, from a small business replacing a debt facility, to a large organisation preparing to list on the London Stock Exchange. These tasks vary in complexity, but typically require the sharing of commercially sensitive or otherwise confidential information. This initiative is of relevance to the vast majority of organisations, be they commercial enterprises, government – both national and local, and not-for-profit organisations.
Further information can be found at www.icaew.com/cfcyber
The National Cyber Security Strategy and 2012 Ministerial statement and supporting documents can be found here: https://www.gov.uk/government/publications/cyber-security-strategy.
Comment
At cloud based identity and access management provider Okta Phil Turner, VP of EMEA for Okta
“Subsequently, the need for more robust authentication methods has never been greater. They are essential to ensuring data is secure and that access is controlled across all users, devices and applications. This means companies must invest not only in solutions that provide a seamless and secure experience for internal users, but also external users at partners and customer companies.”