LONDON Jan 16 British companies engaging in
mergers and acquisitions, buyouts, capital raisings and stock
market listings are prime targets for cyber attacks and need to
make cyber security a top priority, according to new,
The volume and sensitive nature of information generated and
shared widely during the course of a deal makes the corporate
finance community particularly vulnerable to cyber crime,
according to the Institute of Chartered Accountants in England
and Wales' (ICAEW) Cyber-Security in Corporate Finance report.
The report, published on Thursday, cites several examples to
highlight the risks related to deals, including the case of one
midcap UK company which saw data related to a new technology
stolen after its computer network was infiltrated.
Overall, cyber crime is estimated to cost UK businesses
several billion pounds per year, the ICAEW said.
The report contains tips to help guard against threats from
organised crime networks, nation states, so-called "hacktivists"
and employees looking to profit from advance notice of a deal,
to sell on information or data, or to sabotage deals entirely.
Devised by its "Taskforce" of 12 major professional
organisations, including the Cabinet Office and the London Stock
Exchange, and backed by the government's 860 million
pound ($1.4 billion) National Cyber Security Programme, the
guidance spans all phases of a deal from initial information
gathering to completion.
Among its recommendations, the Taskforce suggests limiting
the number of people "brought inside" early deal talks,
appointing an IT team to monitor activity around shared
information, carrying out due diligence on the cyber security
systems of all parties involved in a transaction and creating
incident response plans.
"It's very important to guard against over-confidence within
circles of trust and to question whether all information should
be shared with all parties during a corporate finance
transaction," said ICAEW Chief Executive Michael Izza.
"A weak link in the security of any of the parties can
easily be exploited," he added.
The ICAEW said the Taskforce would keep the guidance under
review and may update it in the future in recognition of the
constant development of new threats and new ways of managing