One of our first Deal Notes® (DN003), published on February 15, 2022, addressed the topic of cybersecurity and the dramatically increasing occurrence of cybersecurity attacks on middle-market defense and aerospace companies. We advised that all such companies begin the process of becoming compliant with the new Department of Defense cybersecurity specification, the Cybersecurity Maturity Model Certification (CMMC).
Since that Deal Note®, the world of cybersecurity has changed significantly. Cybersecurity attacks continue to increase at roughly 15% per year, while the average current cost to a business to repair the damage, through improved systems and ransoms, has risen to $5.09 million per incident, according to IBM. The causes are many but are largely attributed to human error on the part of employees, likely associated with the increase in remote workers, and to the dramatic explosion of Artificial Intelligence (AI), which gives bad actors vastly improved tools to try to penetrate company systems and data.
Another significant change is that the Department of Defense (DoD) has improved the original CMMC specification. The new version, CMMC 2.0, is designed to help defense and aerospace companies better protect their systems while simplifying the process. CMMC 2.0 has three significant goals: simplify and clarify the requirements, focus on advanced standards for companies with the highest priority programs, and increase oversight of professional standards with third-party oversight responsibility. The general theme of CMMC 2.0 is to achieve “Zero Trust” through compliance with the specification and through enhanced monitoring and detection capability.
Middle-market aerospace and defense companies are expected to be compliant with CMMC 2.0 by 2027 and should begin strengthening protocols and training employees to achieve compliance. Please refer to the new DoD website (dodcio.defense.gov/CMMC/about) for further details.
In conclusion, our extensive experience in selling middle-market aerospace and defense companies is that nearly all companies have experienced cyber-attacks, and that the buying community has made cybersecurity compliance a key item for focus during the due diligence process. You would be very wise to aggressively pursue CMMC 2.0 compliance and achieve it as early as possible.
Have a great day everyone.
Bruce Andrews
Managing Director, Defense