The past two years have seen record volumes of deals, pushing M&A and transaction advisory practices to the forefront of many consulting providers' growth strategies. So far, 2018 is shaping up to be a very good year. However, many consulting firms have begun to incorporate cyber security into their TAS service portfolio. ALM Intelligence's finance & operations consulting research team spoke with FTI Consulting's Anthony J. Ferrante, a Senior Managing Director and the Global Head of Cybersecurity for FTI, about cyber security and the transaction advisory process.
ALM Intelligence: How should com-panies approach cyber security needs?
Ferrante: Cybersecurity needs to be part of every company's strategic growth strategy. As your organization becomes larger and more well-known among clients and industry peers, it also becomes a more attractive target for malicious cyber actors. Investing in cybersecurity means investing in the safety of your organization's most critical assets—the very assets that may need to be leveraged to propel a company's growth strategy in the near to long-term future. Strengthening cybersecurity policies and procedures gives corporate leaders the confidence they need in their organization and assures investors that their interest in a company is protected.
ALM Intelligence: Where are the biggest vulnerabilities for companies today in the transaction process?
Ferrante: In any due diligence efforts conducted as part of a transaction, an acquirer should absolutely assess its target's cybersecurity infrastructure and risk posture. Failing to do so could lead to the discovery of a breach or larger threats later down the road. In addition, during a transaction—a time in which companies must be extremely cautious in the sharing of privileged information—companies should ensure that any engaged vendors have robust cybersecurity measures in place at their organizations. If a breach were to occur as a result of one party's inability to secure confidential information, it is possible that the larger, more consumer-facing organization involved would be blamed for the incident.
ALM Intelligence: What should be the priorities—on the buyside or sellside?
Ferrante: Cybersecurity priorities should include protecting privileged information and ensuring that both entities are aligned in the ways they protect confidential data. On the buyside, companies should look into their target's cybersecurity policies and procedures, history of breaches, and understand what investments may be needed to further insulate the target's most critical assets from a future incident. On the sellside, organizations should internally assess their current cybersecurity infrastructure and strengthen it where necessary pre-acquisition, effectively demonstrating to an acquirer their ability to protect critical information and ultimately ensuring that there is more control over current systems during a moment of transformation.
ALM Intelligence: The deal process has become increasingly complex. What does FTI do to help clients keep a sharp focus on cyber security issues during (and after) the process?
Ferrante: At FTI Consulting, our cybersecurity experts work with clients of any size to address their needs at the most critical times, helping companies integrate new solutions with existing policies and procedures to mitigate inevitable cyber threats. At the outset of a transaction, we can help companies on both the buyside and the sellside review their cybersecurity infrastructure through tools like vulnerability assessments, penetration testing, and adversarial hunt team operations.
ALM Intelligence: Does any region pose a greater challenge in terms of cyber security in TAS than others?
Ferrante: Companies based in various regions may be operating under varied cybersecurity standards. As such, cross-border mergers and acquisitions may have an added element of regulatory harmonization that could introduce challenges over the course of a transaction. For example, Europe's new data privacy law, the General Data Protection Regulation (GDPR), takes effect this month; new regulations like this require additional attention. Furthermore, geopolitical tensions can play a significant role in heightening regional cybersecurity risks. As nation-state actors become more sophisticated, companies need to increase their proactive preparedness and awareness to safeguard their systems.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.