By Brian Resutek


Financial and collateral review? Check. Appropriate lender agreements, carveouts and lien perfection? Check. Review of borrower’s cybersecurity policies and procedures? Can you repeat that? When it comes to lender due diligence and documentation, organizations are well versed with modeling, credit procedures and deal structures; however, there is a continually growing blind spot that lenders cannot afford to ignore: Cybersecurity. 

Simply stated, the cybersecurity risk across a company or borrower should be evaluated by every lender to ensure capable protection levels across computers, networks, programs, and operations at the borrower level. If not evaluated, a cybersecurity breach could severely affect the stability and lifespan of an entity, despite all other underwriting criteria being met. This potential risk of loss is considerable regardless of the size of the business, and unfortunately, the likelihood of an attack is also high adding to the importance.

According to Cybint Solutions, 64% of companies worldwide have experienced at least one form of cyber attack in the past year. While the reasons vary as to why hackers want to attack companies, one fact is certain: The cost to companies is high when a breach occurs. Per IBM’s recent 2022 cost of a data breach report, the average cost of a data breach in 2022 was $4.35 million. While companies such as Equifax and Target made major headlines for their massive breaches, a large majority go unreported to the public, with an even larger figure today likely brewing inside companies (and our borrowers); waiting to be exposed. 

207 Days. That was the average time it took for a company to just identify a breach in 2022 per the IBM report. Tack on an additional 70 days to contain the breach and the full duration is 277 days from start to finish. Ralph Pasquariello of Snellings
Walters Insurance Agency emphasizes this point to his clients. “Cybersecurity is the biggest question and threat on the CFO plate today. You need to know what the effect will be to your business when you are down.” Pasquariello further cited the importance of appropriate benchmarking to determine limits and understanding how all of a company’s insurance policies, such as crime and property, must work in conjunction with a cyber insurance policy. Additionally, lenders should be asking these questions along with what types of procedures, assessments and protocols are in place, along with the frequency of testing.

Click here for the full article.

About the Author

BrianResutek_Headshot_150x150
Brian Resutek is a senior vice president and business development officer for Rosenthal & Rosenthal’s Southeast office in Atlanta, GA. He can be reached at bresutek@rosenthalinc.com.