In the age of big data, bring-your-own-devices and Internet-connected supply chains, cybercrime is big business. As a result, cyber security has never been higher on the C-suite agenda.
Top executives from all disciplines now appreciate that hackers have many ways to access stored corporate data. Financial and banking information, customer records, research, marketing plans and confidential emails are all worth stealing -- with apps, devices, routers, websites and even the firewall-protected networkoffering backdoors to clever criminals.
The hackers, too, have evolved. Once the preserve of the high-schooler or prankster out for bragging rights, hacking is now a lucrative pillar of many a crime empire. Ruthless, global and with access to sophisticated technology and services, organized crime is responsible for developing malware and coordinating attacks that are very difficult to detect and avoid. Insidious Advanced Persistent Threat (APT) attacks that put an intruder within your network to syphon off data over an extended period of time are becoming more common, sometimes using a more traditional Distributed Denial of Service (DDOS) attack as a cover for the intrusion.
Challenges in Asia
Here in Asia, these global risks are being amplified by two factors: the fast pace of the merger and acquisitions (M&A) process and the fluidity of the job market for senior IT personnel.
The volume of M&A activity in Asia reached a record high of $367.7 billion in the first half of this year, when global deals rose 41% to US$1.83 trillion. While volumes across the US and Europe are also high (US$815.7 billion and US$507.9 billion respectively), it is the velocity of M&A activity in Asia that is striking. Executives here must be even more vigilant to ensure that security is not compromised by the speed at which deals are done.
Security is a critical component of M&A due diligence today. Determining whether the new partner brings an acceptable level of cyber risk should be as crucial as evaluating the deal's financial and legal implications. An undetected APT intrusion in a target company could, for example, allow confidential documents to be monitored during negotiations and open a backdoor to your network post-acquisition if vulnerabilities are not addressed. Publicity around an M&A could also attract malicious activity as cybercriminals probe for weaknesses to exploit. Getting appropriate security in place before integration begins is thus vital to protecting both entities and the value of the deal.
Globally, CIO turnover is higher than for other C-level roles: in a 2012 survey of 60 CIOs from large international companies, 65% had held two or more CIO roles, with 40% saying they didn't expect to be in their current position beyond another year or two.
Sign up for CIO Asia eNewsletters.