Cyber security warning for corporate finance

Financial sector needs to take special measures to protect information in corporate finance deals

Online information sharing could put corporate finance deals at risk, with cyber criminals potentially targeting major investment banks, corporate executives, advisers and other parties in a bid to glean sensitive financial data, intellectual property or information about contracts.

That is the warning of the Institute for Chartered Accountants in England and Wales (ICAEW) in a report entitled "Cyber Security in Corporate Finance".

"For anyone involved in corporate finance transactions, cyber-security needs to be treated as a high priority. The large volumes of information shared in the process of completing a transaction and the number of people involved in every stage of a transaction are greater than in the course of 'normal', business-as-usual operations," warns the report.

The ICAEW's warning was released at the same time that security company CrowdStrike claimed that Russian state organisations were routinely conducting corporate espionage on American, European and Asian companies.

Indeed, "nation states" is one of the six threats identified by ICAEW, along with organised crime, rivals, individuals who can profit in some way from inside information, "hacktivists" and, of course, employees and contractors.

The organisation makes a number of recommendations to limit the risks.

Many of those recommendations are non-IT, such as rigorously enforcing non-disclosure agreements as part of a strategy to keep potential transactions secret, tightening up due diligence procedures and considering local regulatory norms.

However, it also highlighted the importance of securing information used in corporate finance deals in more secure environments. These include "virtual data rooms" for added security, especially in the due diligence process where sensitive information and documents will be perused, but ought to be distributed on a strict "need to know" basis.