Vicky Meek looks at how the city can take the lead in combatting cyber threats.

The fearsome cybermen of Doctor Who fame emerged from the sewers of 1960s London, an emotionless cyborg race bent on destruction. How different in reality: today’s most-feared cybermen are quite real and breaking into – rather than destroying – computer systems in the City for their own nefarious means.

It would have been hard to escape the news of cyber espionage and of security compromise in banks and consumer-facing companies over the past two or three years. And many believe those are just the tip of the iceberg, as many violations go unreported. Some even remain unknown to the victims. Needless to say estimates vary as to how much cybercrime affects businesses and individuals. But one 2011 report by consultancy BAE Systems Applied Technology (formerly Detica) and the UK Cabinet Office put the cost of this to the UK economy alone at £27bn. Although such figures should be taken with a large pinch of salt as there is a lot of guesswork involved in quantifying the problem, it does give some idea of the size of the cyber threat as viewed by government.

And when it comes to M&A and other corporate transactions, there is now a growing body of evidence to suggest that corporate finance transactions are becoming a prime target for cyber security breaches. Possible intruders include organised crime networks, individuals or competitors seeking to gain financially from sensitive information, or governments looking to protect the interests of domestic companies. Hacktivists can also have an ideological opposition to the success of a deal. They may be lured by the huge amount of confidential information routinely exchanged between individuals and organisations during a transaction and/or the potential to disrupt deals.

One 2012 report by Mandiant Corp, a US-based cyber security firm, suggested that the systems of as many as 80 major US law firms had been compromised in 2011. There have also been reports of financial institutions being targeted by those seeking to access sensitive information on the financing terms they were offering in M&A transactions. Obviously, this is highly valuable information in a bid situation.

Clearly, ensuring information is securely handled has always been a vital part of managing a transaction process. Clear desk policies, for example, have long been in place. Although not always obeyed to the letter, it is quite obvious to the naked eye when a clear desk policy is not being adhered to. Confidentiality agreements are also a standard part of the deal process. The risk of interception has intensified in recent years as the vast majority of communication is now carried out electronically, making it more vulnerable to compromise than might have been the case previously. Those involved in M&A and other corporate finance transactions generally have a set of information risk management guidelines and procedures. However, most have yet to formulate an approach that really adequately incorporates the cyber context into their overall information risk management framework.

"The corporate finance industry as a whole has been a little slow in getting to grips with this issue," says Richard Sanders, partner at Catalyst Corporate Finance. "Most firms are only just starting out on understanding how to manage the risk, but it’s an area that will become more important." One of the possible reasons for this is the nature of many corporate finance transactions.

"If you look at M&A work, it is usually frantic and rushed," says Alex Petsopoulos, partner at Deloitte and a member of the Cyber Security Taskforce convened by ICAEW’s Corporate Finance Faculty for the UK Government’s Cabinet Office. "The ability of those involved to focus on cyber security is somewhat limited – some might say a luxury. That’s the challenge in getting the issue on the agenda."

Find out more

Corporate Finance Faculty members

• Download the complete article Threat control

Non-faculty members

To read this article in full join the Corporate Finance Faculty and get full faculty benefits.