In 2021, the World Economic Forum's Global Risks Report--which addresses things that can and might go wrong--rated cybersecurity failure as one of the top three highest likelihood risks of the decade. That same year, the risks were made abundantly clear to the United States when the Colonial Pipeline fell victim to a ransomware attack and impacted the national fuel supply.
Since then, ransomware targets have gotten smaller--and more frequent. The latest trend in these attacks centers around middle market acquisitions, where the true targets are the private equity firms in the deal. The appeal? A newly acquired company typically has access to more ready cash, tends to have less robust cybersecurity, and may offer a backdoor into the acquirer’s systems, according to principal Richard Peters of UHY Consulting.
One acquisition by a private equity firm in late 2021 fell victim to an attack and was locked out of its hardware systems. It ultimately cost the company over a million dollars to release it. “Because of the M&A and because of the publicity around that, it became a better target,” Peters said. “They’re watching. They know what’s going on in the news as well as any businessman out there.”
And it is not just acquisitions being targeted, he said. Ransomware groups have also targeted the mergers and acquisitions departments of law firms, possibly searching for intelligence.
As acquisition ransomware attacks continue to surge, cybersecurity is becoming a far more routine due diligence consideration, according to Peters. Weak cybersecurity posture may not be a deal breaker, but it is prompting acquirers to seek remedial measures.
UHY Consulting’s Cybersecurity specialists address cybersecurity as an enterprise business risk. We take a facilitated approach to determine the optimal assessment type, and we tailor each cybersecurity assessment engagement to the individual needs of our clients. Simply put, we translate IT risks into business risks and provide meaningful insight to your stakeholders – from the boardroom to the security engineer.
Wall Street Journal subscribers can read the full article published by Wall Street Journal.
Non-subscribers may request a copy of the article using the form on this page.
Have a Question?
Please complete this form to hear from one of our innovative consulting professionals