{
  "docId": "019dd923-5de0-76bd-a168-d0984f387fb5",
  "docSlug": "f7275e434f5f1b04",
  "documentTitle": "The Global State of Information Security® Survey 2018 Singapore highlights",
  "authorId": "PwC",
  "authorName": "PwC",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.707,
  "pageNumber": 23,
  "pageCount": 36,
  "prevPage": 22,
  "nextPage": 24,
  "slideType": "problem_statement",
  "function": "frame_problem",
  "density": "overcrowded",
  "nDataPoints": 1,
  "notes": "The slide uses a numbered list overlaid on a world map to emphasize the three areas of risk.",
  "elementsJson": [
    "paragraph",
    "infographic"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a168-d0984f387fb5/23",
  "deckHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a168-d0984f387fb5#slide-23",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Cybersecurity risks of target companies should be considered across three areas: the nations in which the target company is headquartered and operates, the industry in which the organization operates, and the company's individual security practices and incident history.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-3beb-760d-a9ee-ace8ceec0002",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.3,
        "w": 0.85,
        "x": 0.07,
        "y": 0.6
      },
      "kind": "image",
      "text": null,
      "attrs": null,
      "subkind": "map",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "9a6b038a-fb4a-4a2a-9b6f-1c425c576718",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.25,
        "w": 0.7,
        "x": 0.2,
        "y": 0.62
      },
      "kind": "list",
      "text": "1. The nations in which the target company is headquartered and operates\n2. The industry in which the organization operates\n3. The company's individual security practices and incident history",
      "attrs": null,
      "subkind": "numbered",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "b8730485-f777-4a9b-86e8-d72bbe766103",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.27,
        "x": 0.36,
        "y": 0.36
      },
      "kind": "paragraph",
      "text": "In assessing cybersecurity risks, three areas should be considered: The nations in which the target company is headquartered and operates, the organization's industry sector, and its individual cybersecurity practices and incident history. Operations in certain countries carry inherently more risk than others, and they also may be subject to more stringent cybersecurity and privacy regulations. The types of risks vary by industry as well.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4f57f6e4-ea10-4e7c-87d5-92b8ceeadcc9",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.09,
        "w": 0.27,
        "x": 0.65,
        "y": 0.36
      },
      "kind": "paragraph",
      "text": "The challenge for many organizations is that they often have a very brief time frame to assess the cybersecurity performance of target companies. A well-planned strategy for due diligence will help provide an orderly and timely process to assess potential acquisitions.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "5d00101c-0351-49d0-b19d-f91fd99543ca",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.27,
        "x": 0.36,
        "y": 0.17
      },
      "kind": "paragraph",
      "text": "That's why due diligence of the target's cybersecurity capabilities and risks is becoming as essential as a careful audit of its financials. Yet many organizations do not thoroughly investigate how a target company protects its digital assets. In fact, a Freshfields survey of 214 global dealmakers found that 78% of respondents believe cybersecurity is not analyzed in great depth or specifically quantified as part of the M&A process.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "8366b013-246f-4504-940b-397c8d92f130",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.27,
        "x": 0.65,
        "y": 0.17
      },
      "kind": "paragraph",
      "text": "By individual company, some of key areas of vulnerability include the target's data inventory and locations (including data for third-party suppliers), data collection processes, cybersecurity policies and controls, privacy policies and cybersecurity insurance coverage. It's also important to consider whether a target has incident-response and crisis-management plans in place, as well as whether it has detected breaches and how it responded to those incidents.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "a345bc84-5355-423e-a403-d2a65ed6fddf",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.27,
        "x": 0.07,
        "y": 0.3
      },
      "kind": "paragraph",
      "text": "Businesses that do not adequately assess the cybersecurity practices and capabilities of target companies may put themselves in jeopardy of attack. How so? Sophisticated cyberadversaries may infiltrate smaller companies with less secure cybersecurity capabilities and wait for them to be acquired by larger firms. When the companies' information systems are integrated, threat actors may attempt to gain a foothold on the networks of the acquiring firms to carry out attacks.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c7527254-1efa-47a9-bb66-f6567143b8a2",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.07,
        "w": 0.27,
        "x": 0.07,
        "y": 0.22
      },
      "kind": "paragraph",
      "text": "As organizations continue to grow through mergers and acquisitions (M&As), the cybersecurity practices and potential liabilities of a target company have become serious risks.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ec3ac80a-5447-4a45-abf9-c233e9fc3097",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.3,
        "x": 0.07,
        "y": 0.92
      },
      "kind": "source-note",
      "text": "12 Freshfields Bruckhaus Deringer, Cyber Security in M&A, July 2014",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "ac572fb8-159f-4a7c-9aa8-1176e8ae4b35",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.85,
        "x": 0.07,
        "y": 0.57
      },
      "kind": "title",
      "text": "Cybersecurity risks of target companies should be considered across three areas:",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "1009ed29-9fa6-4864-a11c-9e3d9b46dcfb",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.3,
        "x": 0.07,
        "y": 0.17
      },
      "kind": "title",
      "text": "Due diligence of cybersecurity in M&As",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "d66e43c5-d188-46e0-babc-b5d76bf817a4",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 25,
      "from": 21,
      "beatId": "9216f41a-61d7-4ce8-b60c-f416e97d189b",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Impact & Next Steps",
      "beatSlug": "consultants-gambit-impact-next-steps",
      "evidence": "The document discusses the implications of the findings and the need for turnaround and transformation in cybersecurity",
      "position": 3,
      "confidence": 0.8,
      "parentBeatName": "Resolution",
      "parentBeatSlug": "resolution"
    }
  ],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}