Companies engaged in mergers and acquisitions, IPOs, buy-outs and in bidding for major contracts need to beef up their cyber defences, the government has warned.
The ‘Cyber Security in Corporate Finance’ report published by the government and the Institute of Chartered Accountants in England and Wales (ICAEW) offers security advice to the various companies involved in buyouts, IPOs and mergers and acquisitions, a market worth £216.8 billion in 2013.
The publication aims to raise awareness of the issues faced by the various law firms, advisers, investment banks, and businesses which create multiple flows of data during finance deals that can be exploited by cyber criminals.
“Corporate finance transactions are potentially attractive sources of information to a range of parties: commercial data, IP information and sensitive client data may all be involved,” said Business, Innovation & Skills (BIS) minister David Willetts.
“All businesses involved in corporate finance need therefore to be aware of these cyber-risks, and of what they can do to help protect their data, their clients and their reputation.”
The report makes a number of suggestions for companies, such as keeping certain information ‘offline’, asking which information security standards (if any) the other parties comply with, and limiting the number of recipients of sensitive information.
Organised crime networks, hacktivists, employees, competitors and individuals seeking to sell on confidential data are among those who pose a threat, the report states.
A number of cases are highlighted where businesses have had their systems compromised through a range of methods, from spear phishing to theft of personal devices.
One case involved an unnamed energy company which discovered that a key employee had their computer infected with malware while involved in bidding for a high-value project against multiple international competitors. The company was forced to strengthen security systems after it was realised that its negotiating position had been compromised.
Martin Tyley, director and head of information protection at KPMG, which had input into the report, commented on its publication:
“It’s vital to recognise that cyber security isn’t about adopting an inward-looking approach and thinking you are safe,” said Tyley. “The potential reputational risk of a breach for clients, suppliers, customers and the markets means that cyber security should not be viewed as the domain of the IT room, but as everyone’s business.”
The guidelines follow the launch of the government's 'Cyber Streetwise' campaign, which aims to help improve awareness of security issues among smaller businesses.
The financial sector as a whole is increasingly the target of cyber criminals, with the Bank of England recently revealing that several UK financial institutions have been victims of cyber attacks in the past year.
Last year the Bank of England oversaw a cyber threat exercise called Operation Walking Shark 2, aimed at testing the resilience of systems against cyber attacks, with a focus on investment bank operations.