To understand why companies are auditing for cybersecurity, we must first understand the risk.
In the same study, (ISC)² found that security breaches that come to light during the due diligence process can derail a transaction; in fact, almost half (49 percent) of participants said they had seen it happen.
The same number said a post-acquisition security breach in an acquired company has affected the share value of a publicly traded organization.
Cyber risk is measured by comparing a company’s operational processes against some form of standard and reporting the results.
The Cybersecurity Framework (CSF) developed by NIST is by far the most frequently recommended benchmark, and it should be adopted as the foundation on which to build a cyber risk assessment.
It was developed by experts, is hailed as the gold standard in the US, and is gaining considerable interest outside North America.