It’s a fact perhaps not so widely known that 40% of acquiring companies going through an M&A discovered a cybersecurity problem during the post-acquisition integration. What this would indicate is that acquirers aren’t being given the right information about the data security in the company they are buying. That’s pretty shocking considering the level of due diligence required in the M&A process.
So why is this happening?
We know from our experience helping companies discover their data, that approximately 85% of it is unstructured or ‘dark’ data comprised of documents, spreadsheets and information often downloaded from structured databases and shared and stored in email inboxes, Word documents, Excel spreadsheets and cloud storage drives in the course of everyday working.
We also know from our customers that a typical organisation’s unstructured information contains:
42% confidential information
1% sensitive personal information
9% personally identifiable information
The security threat in dark data
The major risk of dark data is the security threats it poses. Dark or unstructured data is the point of weakness in any organisation leaving the business vulnerable and exposed. Because it is hidden, it can’t be secured.
It can include data such as plaintext passwords stored in word documents, PKI certificates sitting in email inboxes, and Personally Identifiable Information (PII) without password protection and it’s this that the traditional M&A process is failing to find
Indeed, this is exactly the kind of data stolen in Marriott Hotels’ catastrophic data breach from 2018 which is back in the news as they face a class action litigation from one customer on beh ..
Support the originator by clicking the read the rest link below.
