Yet more Compliance standards - this time it's IT.
Compliance with legislation, industry and professional standards has been an overhead that professional firms have long since become accustomed to. Compliance of a different nature is now looming on the IT front and will require firms to take even more seriously the management of their IT systems.
The Government published research into the state of Cyber security provisions within the financial markets and associated professions of accounting and law in late 2013. The purpose being to protect and enhance the reputation of the UK as a safe and secure place to do business and especially where corporate finance transactions can be carried out with confidence.
Corporate finance has been conducted electronically for many years and the need to maintain confidentiality throughout the process has not changed but maintaining confidentiality has become many times more difficult. The number of organisations who can become involved in a single transaction can number in the teens if not more. Whilst the security capability of larger firms may be well funded and reliable, it is often the smaller businesses involved where a security lapse creates an issue for the principals in the deal itself whether buyer or seller.
Due Diligence information is provided electronically whether by email or through portals and the opportunities for Cyber criminals to gain access remain numerous where businesses are not regularly reviewing the strength of their Cyber security.
The Law Society President Nicholas Fluck stated in November 2013 ‘Cyber security is a real concern for legal practices and their clients. As trusted advisers, solicitors not only need to protect the sensitive and personal data they handle every day, but play a crucial role in promoting cyber security to their clients.’
As recently reported in ICAEW’s economia publication, David Willetts, minister for universities and science, speaking at the ICAEW hosted launch of the review of cyber security in the corporate finance industry, quoted the case of a FTSE 350 company with a good cyber security record. The company had made an acquisition of a small business with poor network security. As a result, a hacker had unfettered access to the whole network for over a year during which it was responsible for the theft of data relating to new technology.
The development of Cyber security standards will help in time enforce best practice but in the meantime no firm or business wants to be the weak link in an M&A transaction and suffer damage in reputation and potentially much more.
Professional firms are encouraged to ensure that their Cyber security is regularly reviewed and tested by external security providers. Yellowspring offers advice and services in this area to professional firms and businesses alike, contact Maria West on 01268 494101 or email email@example.com.