New guidance tackles cyber threat for UK firms doing deals

Reuters
A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel/Files

LONDON (Reuters) - British companies engaging in mergers and acquisitions, buyouts, capital raisings and stock market listings are prime targets for cyber attacks and need to make cyber security a top priority, according to new, government-backed guidance. The volume and sensitive nature of information generated and shared widely during the course of a deal makes the corporate finance community particularly vulnerable to cyber crime, according to the Institute of Chartered Accountants in England and Wales' (ICAEW) Cyber-Security in Corporate Finance report. The report, published on Thursday, cites several examples to highlight the risks related to deals, including the case of one midcap UK company which saw data related to a new technology stolen after its computer network was infiltrated. Overall, cyber crime is estimated to cost UK businesses several billion pounds per year, the ICAEW said. The report contains tips to help guard against threats from organised crime networks, nation states, so-called "hacktivists" and employees looking to profit from advance notice of a deal, to sell on information or data, or to sabotage deals entirely. Devised by its "Taskforce" of 12 major professional organisations, including the Cabinet Office and the London Stock Exchange, and backed by the government's 860 million pound ($1.4 billion) National Cyber Security Programme, the guidance spans all phases of a deal from initial information gathering to completion. Among its recommendations, the Taskforce suggests limiting the number of people "brought inside" early deal talks, appointing an IT team to monitor activity around shared information, carrying out due diligence on the cyber security systems of all parties involved in a transaction and creating incident response plans. "It's very important to guard against over-confidence within circles of trust and to question whether all information should be shared with all parties during a corporate finance transaction," said ICAEW Chief Executive Michael Izza. "A weak link in the security of any of the parties can easily be exploited," he added. The ICAEW said the Taskforce would keep the guidance under review and may update it in the future in recognition of the constant development of new threats and new ways of managing these threats. ($1 = 0.6116 British pounds) (Reporting by Clare Hutchison; Editing by Mark Potter)