Ohio Venture - OVA Review Newsletter
News from the Ohio Venture Association meeting on April 10, 2015


Cybersecurity Due Diligence – Mitigating Risk Factors in a Deal

Matt Neely and Christopher Sandford

As the incidence and sophistication level of cyberattacks continue to mount, these once relatively harmless security breaches can actually gum up corporate mergers and acquisitions.

That was the message OVA members heard at their April luncheon from two officials of locally-headquartered SecureState, one of just ten companies in America certified to respond to data breaches.

"Ten years ago, hackers broke into a website, and it was kind of like joyriding," said Matt Neely, SecureState's director of strategic initiatives. "Now, it's fairly well-organized crime, and they want to get in and stay there as long as possible without being detected...some intrusions are detected quickly, but generally it's measured in months, or even years."

Despite all the media attention to breaches at big companies, Neely noted that large enterprises generally have pretty good IT security. But small companies, on the other hand, "they're easy targets. They generally have little security, and they're still decent payouts" for hackers.

Board members of hacking targets are increasingly becoming targets themselves, as lawsuits are being filed against them for gross negligence in the wake of network incursions. Said SecureState's Chris Sandford, "There's an increasing likeness that board members, especially after the Target incident a couple years ago, are becoming liable, and are being individually or collectively sued by customers for hundreds of millions of dollars."

That's in addition to civil liabilities. Local and state governments are also starting to put laws in place forcing companies to better protect their data. Neely added that they're beginning to see information security riders being added to directors' and officers' insurance policies.

The pair suggested that venture firms would do well to get serious about assessing the true level of cyber protections at their portfolio companies and acquisition targets. After all, Matt Neely noted, Blackstone, the world's largest hedge fund, has recently acquired two data security firms, not so much for their financial upside, but to serve as in-house appraisal engines for their own portfolio companies.

Companies doing business in Europe also must be aware of the far more stringent data-protection and data-privacy policies in place there. "In the U.S., if someone gets my private information, I need to tell them not to use it. But in Europe, you need to give explicit permission to use your information," Neely noted.

The big thing in data security these days is immediate response. Neely likened it to the need to have firemen always waiting at the ready to respond to trouble. "The days of locking the door and not letting anyone in (your network) are passed."

More information:

Webcast from the Meeting:

Click on the image below to view the video.

Video Webcast from Recent Meeting

Webcasts produced by Tom Kondilas.

OVA's Video Archive is Online:

OVA is pleased to offer an archive of program videos to its website. You'll find the full video record of most OVA formal programs since 2008 at www.ohioventure.org/events/video-archives/.

Upcoming Meeting Dates:

  • May 8, 2015
    Andrew Yang
    Venture for America
  • June 12, 2015
    Venture of the Year Award

See complete details and registration for these events.

Spacer Spacer Spacer

Newsletter Sponsor:

Ciuni & Panichi

Copy by John Ettorre


Connect with OVA :

Ohio Venture on LinkedIn

Ohio Venture on Twitter


Search previous issues of OVA Review.

Calendar dot Sponsors dot Membership dot Mission dot Newsletters
Members Only dot Press dot Officers & Directors
Ohio Venture Association
Ohio Venture Association, Inc.

1120 Chester Avenue, Suite 470 dotCleveland, Ohio 44114
Phone 216/566-8884 dotFax 216/696-2582
E-Mail admin@ohioventure.org dotWeb www.ohioventure.org

© 2015 Ohio Venture Association, Inc. All Rights Reserved