Cybersecurity planning is an important preparation step
In prior blog posts we discuss third party due diligence and preparedness steps you’ll need to take with your business to be able to successfully withstand the “probe” that your company might one day undergo. Too often company owners believe the tough decision is that of deciding to sell their business…in reality there is an equally important question and that is can your company withstand the due diligence activity of a third party as they probe your business to determine what value to place on it.
These days, due diligence isn’t getting any easier as a potential acquirer must look deeply into your company to determine what opportunities and risks relate to owning it. One such risk these days relates to your company’s cybersecurity readiness. Here are great questions to think about now in this area because they are questions you will likely receive one day from a potential acquirer:
- Have you ever had a third-party IT company conduct penetration testing of your company network and systems? Do you do this periodically to identify any gaps in protection protocols?
- Do you ensure full safeguarding of employee (personal information) and customer data, such as credit card information?
- Do you know what customer and vendor agreements you’ve signed that require you to notify them if a breach occurs and what the timeframe is for notifying them?
- Do you train new employees on the basics of cybersecurity protection at your company?
- Do you have a cybersecurity recovery plan should your company systems/network be breached?
- Have you investigated having cybersecurity insurance and are you clear on what it specifically covers?
Bottom line is this – cybersecurity was barely on any third party due diligence list a decade ago. Today, it’s on every acquirer’s due diligence checklist. Use time as a friend now and ensure you have a protection plan in place. Doing so can protect the worth of your company today and help support the future worth that an acquirer might see in acquiring your business.