Cyber Security: Review by Chubb Insurance Risk Expert

Chubb in the News

Cyber skeletons
by Tracey Vispoli
Updated 01:11 PM EST, Dec-17-2002

Consider the following scenario. Your company, ABC Doughnut Co., which owns a national chain of doughnut shops, has been in talks with XYZ Coffee Co., a chain of gourmet coffeehouses, to merge the two companies. On paper, the deal looks solid — doughnut lovers will be able to order America’s most popular kind with a cup of the best gourmet coffee in the country. ABC shareholders will — pardon the expression — eat this up.

A tasty doughnut and a good, hot cup of robust coffee seem like a tantalizing combination. But, of course, before the merger is finalized, you’ll need to determine just how to fully integrate the two companies to create a new entity that is appetizing to shareholders, executives and employees of both companies.

Are XYZ’s financial statements in order? What legal and environmental liabilities does XYZ bring to the merger? What about the corporate culture? Will employees of both companies be able to get along under one roof? How does the Street view this merger?

But one aspect of a merger that is too often overlooked by the acquiring company is information technology. It’s easy to study a company and learn about its facilities — its buildings and equipment — its products, its employees and its market penetration. But if you ignore IT, you are doing shareholders a grave disservice.

It’s not unlike buying an older house. Do you just drive by and look at the outside before signing the mortgage agreement? Hardly. Instead, you carefully inspect the infrastructure, looking for cracks in the foundation, signs of termite damage in the framing, moisture in the basement and outdated and faulty wiring in the walls.

You should be equally diligent when considering a business merger. A company’s information technology is a potential liability that is often hidden from view.

Some questions you will need to ask to learn about a company’s cyber liability include:

• Does the company being acquired have an outdated legacy system? Is it compatible with your systems?

• What are the company’s IT standards and operating procedures? Are they strong enough to protect the company from theft, fraud and online extortion?

• Does the company transact business over the Internet? How secure are the transactions?

• Is the company up to speed with the latest cybersecurity software?

• Who are the company’s third-party technology service providers, and exactly what are their contractual obligations?

• If the company being acquired transacts business online, what is the company’s corporate strategy for that? What kind of an impact is it likely to have on your own company’s strategy?

Cybersecurity is playing an increasingly important role in all organizations, regardless of whether they sell products over the Internet. Few office employees today can accomplish their jobs without the help of the Internet and e-mail. That’s why it is particularly important for an acquiring business to know how the company it is buying is protecting its information technology infrastructure from hackers, computer viruses and online fraud.

A computer virus or a hacker attack can cost a company millions of dollars, so it’s important to know that the business you are acquiring is protected. A company’s system could be shut down by a virus or a hacker attack, creating business-interruption losses and a public relations nightmare, which will be costly to overcome.

The combined company’s cybersecurity is only as strong as its weakest link. The following survey results show how corporations and government are unprepared to deal with cybersecurity issues.

According to the Computer Security Institute’s fifth annual survey on cyber-crime losses:

• Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches in the past 12 months;

• Seventy percent reported a variety of serious computer security breaches (other than viruses, laptop theft or employee Net abuse) — theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks;

• Forty-two percent were able and willing to quantify their financial losses. The losses from these 273 respondents totaled more than $265 million;

It is clear from these statistics that many corporations are struggling with cybersecurity issues. If your company is considering an acquisition, it’s important to know what cyber skeletons are in the closet.

Tracey Vispoli is cyber-solutions manager for Chubb & Son’s department of financial institutions, based in Warren, N.J.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s