Cyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services

Cyber Diligence EY Deals Forum 2018 Ian McCaw EY Transaction Advisory Services

Finance & Commercial Diligence: B, Power Life (1 of 3)
COMPANY: Power Life
INDUSTRY: ENERGY
REVENUE: 192m
EBITDA: 875k (35% growth in 5 years)
COMPANY OVERVIEW: Founded in 2004, Power Life is a 3,500 MW power generation portfolio consisting of 15 large-scale wind farms and a new solar farm.
OPERATIONS: Wind farms operate within Norway, Denmark and Sweden, with a new state-of-the-art solar farm in Italy.
DEAL OPPORTUNITY: Potential to be a new green energy supplier augmenting existing fossil-based generation.
MARKET ANALYSIS: Power Life is the market-leading green energy provider in Scandinavia and holds 85% market share.

Finance & Commercial Diligence: A, THUNDER Corporation (1 of 3)
COMPANY: THUNDER CORP
INDUSTRY: ENERGY
REVENUE: 187m
EBITDA: 20m (10% growth in 5 years)
COMPANY OVERVIEW: Founded in 2004, Thunder is a leading oil and gas equipment and service provider specialising in the rental, sale, and service of products used in well construction.
OPERATIONS: Operating across 7 countries within Africa (Algeria, Angola, Cameroon, Egypt, Equatorial Guinea, Libya, Nigeria).
OPPORTUNITY: Platform for regional growth with complementary services and products to core business.
MARKET ANALYSIS: Thunder is the second largest provider within its market, holding 25% total market share.

IT Diligence: B, Power Life (2 of 3)
OVERVIEW: Consolidated ERP system is due to be implemented in 8 months according to management plans; all plant, distribution and metering systems are local; some timesheet and HR systems are SaaS / Cloud provided.
COSTS: Historic IT spend @ 1% of revenues for 2015/2016/2017, with 1.25% forecast for 2018.
GOVERNANCE: IT organisation consists of 12 people. CIO replacement is pending.
DISASTER RECOVERY: Evidence of Disaster Recovery plan, with testing planned along with the ERP consolidation programme.
INCIDENTS: IT outages have not impacted operations (generation or transmission) in the last 12 months, as reported by management.

IT Diligence: A, THUNDER Corporation (2 of 3)
OVERVIEW: Multiple ERP systems running across key operating locations with limited integration. New financial consolidation system implemented in the last 12 months. IT desktop operating system refresh to Windows 8 completed 12 months ago. Outsourced data centres for key IT infrastructure, with HR cloud services.
COSTS: Historic IT spend @ 0.75% of revenues for 2015/2016/2017, with 0.5% forecast for 2018.
GOVERNANCE: IT organisation consists of 12 people.
DISASTER RECOVERY: Evidence of Disaster Recovery plan, with testing performed 3 years ago.
INCIDENTS: IT outages have not impacted operations (generation or transmission) in the last 12 months, as reported by management.

Cyber Diligence: A, THUNDER Corporation (3 of 3)
INDICATORS OF COMPROMISE: No evidence of historic infections in the last 12 months.
EXTERNAL SYSTEMS INFORMATION: An incorrectly configured service could allow a malicious actor to send e-mails representing themselves as Thunder.
CYBER GOVERNANCE: COO & CIO meet to discuss cyber security monthly. Effectiveness of security controls is reported and suppliers are assessed.
DATA REGULATORY: Working towards GDPR compliance; the only PII data stored on Thunder systems relates to its employees.
CYBER CONTROLS AND CAPABILITIES: Thunder uses a VPN firewall with 2-factor authentication between Corporate and ICS (Power Generation) networks. A third party provides managed security services (MSSP).

Cyber Diligence: B, Power Life (3 of 3)
INDICATORS OF COMPROMISE: Conficker and WannaCry Botnet infections were detected between May and November 2017 on Power Life's systems.
EXTERNAL SYSTEMS INFORMATION: Some abnormal ports, such as Telnet, RPC and MySQL, were found to be open to the internet.
CYBER GOVERNANCE: Responsibility of the CFO; this may change when Power Life appoint a CIO. No regular security reporting.
DATA REGULATORY: No gap analysis or plan for GDPR compliance. Power Life stores consumer PII data for marketing within operating regions.
CYBER CONTROLS AND CAPABILITIES: No internal security testing performed for 3 years. Corporate and ICS (Power Generation) networks interconnected, with legacy Windows XP systems. Logging is enabled but not monitored.

What Cyber risks do you see as important?
Diagram labels: Operating Model Change Programmes BYOD Regional Locations Maintenance HVAC Office Supplies Remote Working Staff Physical Buildings Strategy Consultants BPO Marketing HR Contractors Business Advisors System Integrators Channels to Market Finance Legal Legal Advisors Cloud Customer IT IT Outsource Partner Technology Vendors Software Dev Partners R&D Sales Business Operation Product Supply Component Supply Product Launch Change Programme Joint Ventures TSA Arrangement Divestments Channel Launch Cloud Migration Integration Programme Integrated Acquisitions De-merger Regional Expansion ERP Programme Portfolio Investments Standalone Acquisitions Restructuring Legal Jurisdiction Digital Transformatio Interim Mode of Operation Synergies Acquisition Targets Data Compliance IoT Innovation Restructuring Diligence Third-Party Vendors Capital Events (M&A)

Notified Data Breaches By Sector: First half of 2017
Number of Breaches by Sector in the first half of 2017:
Government: 89
Retail: 112
Hospitality: 19
Financial Services: 125
Healthcare: 228
Industrial: 35
Insurance: 10
Technology: 76
Telecom & Media: 32
Other Industries: 53
Data Source: Gemalto

Cyber Threats across Industries: The Bigger Picture
Sectors: Aerospace, Defense & Government Services; Consumer & Retail; Hospitality; Financial Services; Healthcare; Industrial; Insurance; Technology & Business Services; Telecom & Media; Other Industries
Cyber threat focus areas: Big data & PII; Network connected ICS; Multiple outdated IT systems; Complex supply chains; Critical National Infrastructure

Have you had personal information breached?
www.haveibeenpwned.com

What Cyber deal impacts would you want to know?
Is Cyber Security a regular agenda item for the Board?
What degree of involvement and oversight is exercised?
Does the board receive and act on active Cyber metrics and reporting?
Do you outsource the provision of IT, applications and data?
What level of oversight do you have of your key suppliers' Cyber security?
Is your business heavily dependent on IT Systems and data to generate profits?
What would be the impact of a breach of your key electronic information assets?
Do you know what data regulations apply to your business and the potential impact of non-compliance?
What level of Cyber Security investment has been made in the last 12 months as a percentage of IT spend?
Have you defined a formal Cyber awareness programme that is run on a regular basis?
Do you perform any security or penetration testing to identify Cyber threats and vulnerabilities in the business?
Do you know the Cyber risks and value impacts for your last transaction?
Could your fund or business still be impacted?

EY Assurance Tax Transactions Advisory Ernst & Young LLP Ernst & Young LLP. Published in the UK. All Rights Reserved. The UK firm Ernst & Young LLP is a limited liability partnership registered in England and Wales with registered number OC300001 and is a member firm of Ernst & Young Global Limited. Ernst & Young LLP, 1 More London Place, London, SE1 2AF. ey.com