Island Banking Services is a non-US firm that works in the Financial Transactions Processing, Reserve, and Clearinghouse Activities industry, which has the NAICS 2017 code 522320. Financial transaction processing, financial instrument clearinghouse services, and reserve and liquidity services are all provided by companies in this industry. On the island, the firm has a customer care center and three branch locations, although the bulk of its client’s deposit and withdraw cash via electronic funds transfers, internet banking, and credit/debit cards.
Agenda
The presentation begins with a general summary of the merger & acquisition deal and its background. It dives into the introduction of the cybersecurity strategy’s main standalone points and goals, ranging from prevention and identification to the response to emerging threats. It then proceeds to cover the implementation plan, barriers to success, and general recommendations.
M&A overview
In M&A deals the suggesting company is generally in the position of greater market power and influence. Due to the Island Banking Services’ bankruptcy and criminal history, the M&A with Pagett-Beale Solutions is a second chance for them. Yet the Padgett-Beale Solutions has a power advantage and therefore can influence the strategies of Island Banking Services, especially in the information department.
Failed companies possess the financial potential for M&A deals in cases when their structure or organizational approaches might quickly end up efficiently utilized for profit. This particular deal specifies the inclusion of operating systems, software, and other IT goods in the deal. Therefore it is reasonable to assume, that the merger company is interested in the merged company’s IT resources.
The Chief Information Security Officer, often known as the CISO, is the ultimate guardian of data privacy inside a company. They’re in charge of developing and managing the cyber dangers that come with everyday operations, as well as supporting a secure environment and preserving existing data from data theft. Risk and compliance management, technical operations, and vendor communication are the three major functions of the job.
Padgett-Beale, Inc. is a joint venture company that works in the hotel, restaurant, and resort business. An insider working at the Property Holdings and Development station was responsible for intellectual property theft. He was an integral part of the Future Plans Committee’s team. After this member quit and joined a rival in the Recreational Vehicle Park region, the Property Holdings and Development office head felt something suspicious was going on. After further investigation, he discovered log files on the insider’s corporate laptop. A huge number of large data were taken from the company’s servers and transferred to this insider’s cloud account.
The digital assets and records of Island Banking Services were bought from the bankruptcy courts by Padgett-Beale, Inc. Licenses for office productivity software, financial transaction processing software, database software, and desktop and server operating systems are among these assets. The gear, software, and license necessary to run the company’s internal computer networks are also included in the transaction. Padgett-legal Beale’s counsel was successful in negotiating the return of copies of the business’s documents with the bankruptcy court and the criminal courts, allowing the company to resume operations.
Goals
The goal-setting in the cybersecurity strategical plan lies in the balance between the general requirements of an efficient cybersecurity system and a set of specific characteristics of a particular firm. The characteristics can be categorized into capacity-related and mission-related. (Camillo, 2018) The first group can be addressed by modernization of the equipment, whereas the second concerns the aspects of internal change management and the general purpose of the business in question. Thus most of the goals discussed in this presentation can be adapted accordingly to the needs of the firm.
Cybersecurity strategy 1: overview
At the overview stage of the cybersecurity strategy, it is worth considering the industry differences between the two M&A firms. The company that specializes in hotel and resort management is unlikely to be equipped to deal with the cyber threats of the investment bank on technical and human levels. However, as the number of cyber attacks against hotels has increased in recent years, it is reasonable to assume that the relevant IT department possesses the basics of cyber security knowledge.
Cybersecurity strategy 2 – adopt data principles
Organizations have shown an increased readiness to engage in threat intelligence sharing platforms in recent years. The rising need for companies to protect themselves against today’s sophisticated cyber attacks has led to an open sharing of information and expertise on threats, vulnerabilities, events, and mitigation measures. (Catota, Morgan &Sicker, 2018)
While addressing the threats and protecting the existing data, professionals must ensure the data itself is up to due quality. Poorly sourced data is often used by the ransomware enthusiast to bypass the victim’s suspension of disbelief
Cybersecurity strategy 3 – communication, collaboration, coordination
Focuses on the development of functioning communication channels within the IT department and between the IT department and the remaining company to avoid conflicts of interest and align the general corporate vision
Cybersecurity strategy 4 – incorporate data stewardship
Focuses on establishing a new culture of relationship with data within the organization, based on accountability and resourcefulness.
Cybersecurity strategy 5 – Establish a proactive posture against cyber attacks
Focuses on the protection of the most mission-critical and operation-critical data sets, also commonly referred to as crown jewels.
Cybersecurity strategy 6 – Enhance measures to limit the impact of a potential cyber security incident
Focuses on the assumption that no matter the amount and intensity of preparation, the accidents are bound to occur. With this in mind, the Bank must be ready to respond appropriately and meet the interests of its various stakeholders
Cybersecurity strategy 7: Build resilience to recover from a cyber event
Focuses on investing in functioning recovery mechanisms, both in terms of restoring the damage to the computer systems and dealing with the data loss and potential financial consequences
Cybersecurity strategy implementation plan: adopt a proactive position
Greater levels of trust lead to a greater likelihood of a client reporting the error or violation they have encountered while using the bank’s online services
Barriers to success
Cybersecurity barriers to practice are becoming relatively low with the digitalization of commerce affecting the number of clients in the industry. However, the financial resources of any company are finite, and cybersecurity is by far an expensive experience due to the industry’s digital online nature. Furthermore, the human error factors and faulty organizational management employees complicate the research even further.
Summary of strategy goals
Strong cyber security has been a point of emphasis in modern financial institutions, often essential to secure a customer’s trust. Investing in the development of better cyber security is a profitable choice since it is a form of re-investing into the company while attracting new customers.
Overall
But most importantly, the company must understand the importance cybersecurity possesses for them right now. Due to the CEO’s arrest, the firm needs restoring the reputation even under the merger’s protection.
References
Althonayan, A., & Andronache, A. (2019). Resiliency under strategic foresight: The effects of cybersecurity management and enterprise risk management alignment. In 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA) (pp. 1-9). IEEE.
Awan, J. H., Memon, S., Khan, R. A., Noonari, A. Q., Hussain, Z., & Usman, M. (2017). Security strategies to overcome cyber measures, factors and barriers. Eng. Sci. Technol. Int. Res. J, 1(1), 51-58.
Bouveret, A. (2018). Cyber risk for the financial sector: A framework for quantitative assessment. International Monetary Fund.
Camillo, M. (2017). Cybersecurity: Risks and management of risks for global banks and financial institutions. Journal of Risk Management in Financial Institutions, 10(2), 196-200
Catota, F. E., Morgan, M. G., & Sicker, D. C. (2018). Cybersecurity incident response capabilities in the Ecuadorian financial sector. Journal of Cybersecurity, 4(1), tyy002.
Crossler, R. E., Bélanger, F., & Ormond, D. (2019). The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats. Information Systems Frontiers, 21(2), 343-357.
Didenko, A. N. (2020). Cybersecurity regulation in the financial sector: prospects of legal harmonization in the European Union and beyond. Uniform Law Review, 25(1), 125-167.
Ezuma-Ngwu, C. (2019). Exploring Individual Intent towards Blockchain Technology in Response to Threats to Personal Data and Privacy (Doctoral dissertation, Northcentral University).
Gaidosch, T., Adelmann, F., Morozova, A., & Wilson, C. (2019). Cybersecurity risk supervision. Departmental Papers, 2019(014)
Ganin, A. A., Quach, P., Panwar, M., Collier, Z. A., Keisler, J. M., Marchese, D., & Linkov, I. (2020). Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), 183-199.
Hasham, S., Joshi, S., & Mikkelsen, D. (2019). Financial crime and fraud in the age of cybersecurity. McKinsey &Company.
Jibril, A. B., Kwarteng, M. A., Chovancova, M., & Denanyoh, R. (2020). Customers’ perception of cybersecurity threats toward e-banking adoption and retention: A conceptual study. In ICCWS 2020 15th International Conference on Cyber Warfare and Security (Vol. 270). Academic Conferences and publishing limited.
Kahyaoglu, S. B., & Caliyurt, K. (2018). Cyber security assurance process from the internal audit perspective. Managerial Auditing Journal.
Koepke, P. (2017). Cybersecurity information sharing incentives and barriers. Sloan School of Management at MIT University.
Lezzi, M., Lazoi, M., & Corallo, A. (2018). Cybersecurity for Industry 4.0 in the current literature: A reference framework. Computers in Industry, 103, 97-110.
Malaika, M. (2021). Central Bank Risk Management, Fintech, and Cybersecurity. IMF Working Papers, 2021(105).
Mester, L. J. (2019). Cybersecurity and Financial Stability; 2019 Financial Stability Conference–Financial Stability: Risks, Resilience, and Policy, 11.21. 19; Federal Reserve Bank of Cleveland and the Office of Financial Research, Cleveland, OH (No. 112)
Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The board’s role in managing cybersecurity risks. MIT Sloan Management Review, 59(2), 12-15.
Selby, J. (2017). Data localization laws: trade barriers or legitimate responses to cybersecurity risks, or both?. International Journal of Law and Information Technology, 25(3), 213-232.
Smith, K. J., & Dhillon, G. (2019). Assessing blockchain potential for improving the cybersecurity of financial transactions. Managerial Finance.
Wendt, D. W. (2020). Exploring the strategies cybersecurity specialists need to improve adaptive cyber defenses within the financial sector: An exploratory study (Doctoral dissertation, Colorado Technical University).
Widhoyoko, S. A. (2017). Fraud in rights and contracts: a review of bankruptcy case of livent inc. based on governance, risk, and compliance (GRC) framework. Binus Business Review, 8(1), 31-39.