New York (HedgeCo.Net) – Can acquisitions or investments lead to data attacks? The financial and reputational risks associated with security breaches and the ever-increasing sophistication of attacks are a critical issue for financial services firms today. It is no longer a question of “if” but when a breach may occur. Data sensitivity and increased regulations heighten the importance of cybersecurity.
A recent white paper released by McGladrey , Private equity firms may inherit data attacks from acquisitions, examines how private equity firms are subject to damage from their portfolio company’s existing ineffective security strategies. Hedge funds face similar challenges as they invest in companies that may (or may not) have secure systems.
White paper excerpt
Many businesses in a variety of industries, including private equity firms and their portfolio companies, can experience data security breaches. Violations often involve the loss of customers’ personal and credit information, and many times, go far beyond the potential loss of financial information or regulatory penalties. The bad press from a security breach could equate to the loss of thousands, if not millions, of customers. In addition, the greater hit is often in the form of reputation and goodwill erosion, and the possibility of liability suits.
As a private equity firm acquiring a new business, could you be held responsible for existing ineffective security strategies, resulting in breaches within the acquired company? Further still, post-deal close, could you encounter challenges related to compromised intellectual property of the acquiring business and resulting aftermath? In a word, yes. You could inherit many of the problems from presale attacks, and be paying for these security issues for years, in the way of fines, costly litigation or plummeting revenues.
The cost of security breaches
You’ve likely read about the highly publicized data breaches prior to last year’s holiday season. These data security attacks were due to point of sales (POS) systems malware. The systems were compromised by way of a third-party vendor. The malware used to read credit card information on the POS systems copied the cards as they were processed in memory. There are, however, many more damaging avenues an attacker may take to access an organization’s critical data, like hacking into corporate bank accounts, extracting sensitive data and sometimes a business’ actual account funds. This could not only lead to compromised customer and credit information, but also devastating financial loss for a company.