Skip links

Loan Security and Cyber Security

Ian Selby, CFO

Are proper cybersecurity measures on your investment checklist?

Cybercriminals are attracted to money, which is why wherever there are investments and growth, the hackers are there doing everything they can to find a way in. This is why an investment of any size is always a risk. As an investor or a bank, you want to ensure that investment is as protected as possible. When it comes to cybersecurity, the threat is the same for all investments, large or small.

Banks and investment companies have a checklist they go through to ensure all parties are safeguarded. They look at sales and assets, staffing and IT and the like as a matter of course, but how many put proper cybersecurity procedures on their initial checklist?


Unprecedented damage from cyberattacks

The news pages are littered with stories of high-profile organisations in both the public and private sectors that have succumbed to a debilitating cyberattack – in some cases terminally. A company may have all the operational procedures and assets in place to trade effectively and make a healthy return on investment for years under normal circumstances. But if they are hit by a successful ransomware attack, this can all be blown away and your investment could be left with nothing.

If hit, that business may be unable to trade or operate. They may lose confidential client information and, as an investor, you could be issued with regulatory fines. And if the worst happens and the company goes into administration, the administrator could well come after you for further compensation.

Having cybersecurity insurance is not enough. As well as ever increasing premiums, there will be exclusions that will be very demanding about what they will cover.


Put cybersecurity measures on the critical investment checklist

Investors are increasingly coming to us to ask what they need to understand and what security measures they need to be checking.

Demonstrable cyber resilience of corporate data should become a condition of future placing agreements and we are seeing increased pressure in M&A transactions for specific vendor warranties around cyber protection measures. This makes complete sense because, as we have seen, a cyberattack can have a significant financial and reputational impact on a company.

Potential consequences to a business of a cyberattack:

  • Loss of confidential information
  • Reputational damage and fines
  • Locked systems, inaccessible data, and a consequent inability to operate normally
  • Instant destruction of shareholder value
  • Litigation against the company and/or directors
  • Possible insolvency

You really don’t want to be approving investment into a business if you haven’t fully checked that appropriate measures are in place to avoid these threats. You need to be asking the investee company what they have you got in the way of protection and then put it to the sword!

Most importantly, you should get into that conversation as soon as possible in the interactions with your investee company. This is a hygiene factor for an investor and be on the initial critical checklist. If proper cyber security measures are not in place – don’t even Pass Go.


Protecting your loan portfolio

Falanx Cyber can provide an initial low-cost cyber security assessment with our f:CEL tool. This tool will give you a rapid overview of a company’s cyber security as seen by a potential attacker. It can be used both as part of the due diligence process and as part of ongoing loan monitoring arrangements.

We provide a full range of cyber security services including defensive protective network monitoring and offensive penetration testing that can help your investments better protect themselves from this growing threat.