Today, cybersecurity has become a crucial component of planning and carrying out an IPO. Cyberattacks have become real business risks and are growing in number; in 2021, the number of corporate attacks each week increased by 50%. Cybersecurity has also increasingly become part of the due diligence and regulatory reporting process—and it’s set to play a bigger role. The U.S. Securities and Exchange Commission is currently weighing enacting additional requirements for listed companies to report cybersecurity incidents and give periodic overviews of their cyber risk management policies.
It’s important to remember that while public companies don’t get attacked more often, any attacks are made public. Public companies are higher profile, as the public and media watch them more closely, and they are often held to higher standards. A public company can no longer simply mitigate an attack or vulnerability; it must communicate about it, putting its image in the spotlight and at risk.
