I recently completed my studies at the Luxembourg School of Business and began exploring how to incorporate my newfound knowledge into my field of work. Specifically, I've been considering the application of Psychological Safety principles in the realm of Cyber/Information Security. 

What is Psychological Safety ?


Psychological safety is a concept that refers to an individual's perception of the consequences of taking an interpersonal risk in a work environment. It involves feeling safe to express oneself without fear of negative consequences to self-image, status, or career. In a psychologically safe team, members feel accepted and respected. This environment allows for open communication, creativity, and innovation, as individuals feel comfortable sharing their ideas, questions, concerns, and mistakes without fear of ridicule or retribution.

Amy Edmonson - TED Talk (Building a psychologically safe workplace)
https://www.youtube.com/watch?v=LhoLuui9gX8


 


Cybersecurity in M&A 


A Growing Priority for Decision Makers


In the dynamic landscape of mergers and acquisitions (M&A), decision-makers are increasingly prioritizing cybersecurity risks. 

A detailed survey by Forescout provides key insights into the current state of cybersecurity in mergers and acquisitions, the survey that involved nearly 3,000 IT and business decision makers reveals a growing emphasis on cybersecurity in M&As. 

The study found that 81% of respondents now prioritize a target's cybersecurity posture more than in the past with 62% agreeing cyber risk is their biggest concern post-acquisition.

This trend highlights the recognition of cyber risks as potential deal-breakers, capable of causing significant financial and reputational damages.

" Take the Verizon acquisition of Yahoo in 2017 as an example. Following Yahoo’s security breach disclosures, there was a $350 million acquisition price cut."

The study highlights this shift, noting the importance of continuous cyber assessment throughout the M&A process. It's no longer a one-time check but a critical, ongoing evaluation.

Key Findings


Transparency đźš« - An undisclosed data breach is a deal breaker for most companies: 73% percent of respondents agreed that a company with an undisclosed data breach is an immediate deal breaker in their company’s M&A strategy

Plan for continuous assessments 🔄 - Decision makers sometimes feel they don’t get enough time to perform a cyber evaluation. Only 36% of respondents strongly agree that their IT team is given time to review the company’s cybersecurity standards, processes and protocols before their company acquires another company. The results emphasize the importance of proper evaluation and time in ensuring successful M&A outcomes.

Acquisition Regrets🤦- 65% of respondents regret their M&A decisions due to cybersecurity concerns. Failure to address cyber risk can lead to major acquisition regrets: Nearly two-thirds of respondents (65%) said their companies experienced regrets in making an M&A deal due to cybersecurity concerns.

Integration Delays⏲️- 49% encountered unknown or undisclosed cybersecurity issues, causing M&A timeline delays. 54% reported minor delays and losses under $1 million; 50% faced major delays with similar financial impact.

Significant Lossesđź’¸ - 22% experienced losses over $1 million due to cybersecurity incidents.