San
Francisco Security Firm Working with Investment Advisors to Uncover
Critical Security Flaws that Present Added Risk for Corporate
Acquisitions.
San
Francisco, CA, USA (March 3, 2016) -- Hidden security flaws in
software and network infrastructure pose great risks to successful
mergers and acquisitions, and yet assessing the security of target
companies is commonly omitted from the M&A due diligence process.
According to the team at AsTech Consulting-independent cyber security
experts specializing in software and IT infrastructure
security-unidentified vulnerabilities can heavily influence the value
of an acquisition, and more investment advisors and corporations are
working with AsTech to uncover hidden security issues to guide
valuation and deal negotiations.
"A
few years ago security audits were just for 'tech' companies but
today almost every business is dependent on increasingly vulnerable,
interconnected technology. Buyers no longer see this as an isolated
'IT' issue, it's become a boardroom issue," said David Fox,
Managing Director, Strategic Value Advisors.
Assessing
security issues and overall cyber risk is seldom considered as part
of due diligence in merger and acquisition discussions, but this is
changing. Negotiating parties examine revenue, assets, inventory,
channels, and partnerships, but fail to recognize that a security
weakness in the network infrastructure or source code may compel
remediation costs that annihilate a significant percentage of the
subject valuation. Security breach remediation and customer
notification routinely cost companies hundreds of thousands of
dollars, if not millions. For example, there are 47 states with
"breach notification" laws and, according to the National
Conference of State Legislatures, the average cost of a security
breach customer notification alone in 2014 was $500,000.
"Hidden
security issues can have a profound impact on any merger. In one
recent case, the acquisition target discovered a breach during
negotiations that affected their customers as well as the company
itself. The acquiring company simply walked away from the table,"
said Greg Reber, founder and CEO of AsTech Consulting. "To meet
the market's need, AsTech has launched an M&A Security Due
Diligence Practice. Developed with M&A advisors, venture capital
investors and security practitioners, this service focuses on getting
useful information to the right players quickly, before it's too late
to have an effect on negotiations."
Dr.
Martin Carmichael, former CISO of TD Ameritrade and McAfee, agrees,
stating: "As CISO of TD Ameritrade, I engaged AsTech to perform
a security evaluation after an acquisition deal was done. They
discovered critical security flaws, which required significant
remediation costs. This information would have affected the
valuation, and negotiations."
Guy
Henshaw, board member of payroll company Evolution HCM notes: "AsTech
has helped our company assess the cyber risk of potential
acquisitions on three occasions. They are adept at quickly assessing
and analyzing risks: distilling results into very succinct reporting
with recommendations. We will not go into a deal without the AsTech
Due Diligence Cyber Risk Assessment."
Depending
on 'deal-specific variables,' there is a range of scrutiny that may
be applied to this type of due diligence. A software company being
acquired for the software itself doesn't need an IT infrastructure
assessment, but rather a software security analysis which in most
cases could produce key results within a few business days.
"The
business climate is changing and chief executives and board members
are being held accountable by shareholders, employees, and others for
costly security breaches," Reber said. "Legal disclaimers
no longer excuse liability. Smart executives are scrutinizing
security in advance, rather than waiting for hidden problems to
emerge that can create costly remediation. Assessing security
vulnerabilities in advance strengthens your negotiating position,
regardless of which side of the table you're on."
About
AsTech Consulting
AsTech
Consulting has been helping Fortune 1000 companies manage risk and
protect vital information assets since 1997. AsTech's technical team
are true Internet security experts, providing a full suite of
services focused on risk management and mitigation including
Vulnerability Discovery and Remediation, Secure Development Training,
Secure Software Development Lifecycle Consulting and Security
Architectural Design.
For
more information, visit http://www.astechconsulting.com.
Contact:
Tom
Woolf
Public
Relations Director, Gumas Advertising
415-259-5638