No doubt that you have either read or experienced at your own companies the devastating increase in cyber-attacks that compromise computer systems and data. A Forbes Magazine article has estimated that here were 50% more cyber-attacks on US companies in 2021 versus 2020. Further, the Ponemon Institute estimates that 66% of all US small and medium sized companies have experienced a cyber-attack in the past 12 months. Our experience in selling medium sized defense and aerospace companies is that all have experienced cyber-attacks causing varying degrees of damage and causing disruption and delays in the sale process.
Even small aerospace and defense companies must take significant steps to improve cybersecurity. The US Department of Defense is in the process of developing a cybersecurity compliance program known as the Cybersecurity Maturity Model Certification (CMMC) which, when finalized, will be required of all US defense subcontractors, regardless of size.
Buyers expect defense companies, that they are considering acquiring, to have made substantial progress toward CMMC implementation. If not, the buyer may place a significant discount on their valuation or they may decide the risks are too high to proceed with buying the target company.
Whether or not you are a seller today, we encourage all suppliers to the Department of Defense to take CMMC seriously. We also encourage commercial suppliers in the aerospace industry to review the CMMC regulations and consider how these cyber defenses might benefit them. The following is the URL for the Department of Defense website regarding CMMC: https://www.acq.osd.mil/cmmc/
Have a great day everyone.
Bruce Andrews
Managing Director, Defense