It’s a new year and corporate concerns about cybersecurity risk are high, which means top executives at Fortune 500 companies will do what they always do — spend big on security technology. Global cybersecurity spending is on a path to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021.
But increasing budgets each year with little strategic forethought is a corporate failing. Further, the lack of proactive monitoring of a company’s cyber risk profile almost ensures gaps and vulnerabilities that will be exploited by hackers.
Corporations that don’t formulate a thorough cybersecurity plan and monitor its implementation will encounter more breaches and increasingly become mired in scuttled M&A opportunities. Market research firm Gartner says that 60% of organizations engaging in M&A activity are already weighing a target’s cybersecurity track record, posture and strategy as a key factor in their due diligence. A company that has been hacked is a less attractive acquisition target — hardly a minor point, given that M&A activity globally, led by the U.S., has set records in recent years and is widely expected to maintain or exceed this level going forward.
The most highly publicized example of an M&A-related cybersecurity headache was Verizon’s discovery of a prior data breach at Yahoo a couple of years ago, after it had formulated an acquisition agreement. The discovery almost killed the deal and ultimately resulted in a $350 million reduction in Verizon’s purchase price.
Enterprises must step up to the plate once and for all and develop meaningful metrics to assess the quality of their cybersecurity protection and monitor its completeness and effectiveness. And the best way to do this is to begin taking steps to incorporate continuous controls monitoring (CCM).