The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation


By Topic: Mergers & Acquisitions

  • From Vol. 2 No.20 (Oct. 5, 2016)

    Essential Cyber Due Diligence Considerations in M&A Deals Raised by Yahoo Breach

    Yahoo’s 2014 massive data breach, made public only two months after Verizon announced its plans to acquire Yahoo for $4.83 billion, highlights the necessity for proper cybersecurity due diligence in advance of an acquisition, and for the acquiring company to account for an undetected breach as part of the value of the transaction. There probably needs to be “a little more cybersecurity homework done before pulling the trigger on an acquisition. We hope this situation brings that conversation to the forefront,” Milan Patel, a managing director in K2 Intelligence’s cyber defense practice, told The Cybersecurity Law Report. In this article, with insight from attorneys and technical consultants, we examine current contingencies in Verizon’s deal with Yahoo and detail steps companies should be taking to identify and mitigate cyber risk through due diligence and how to structure a deal to account for those potential risks. See “Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part One of Two)” (Sep. 16, 2015); Part Two (Sep. 30, 2015). 

  • From Vol. 2 No.17 (Aug. 24, 2016)

    Cybersecurity Due Diligence in M&A Is No Longer Optional

    The heightened importance of cybersecurity in the corporate environment has made it vital for potential acquirers to assess the IT systems of target companies to determine their value and risk. Despite an increased awareness of the importance of cyber due diligence, many companies lack the proper personnel to conduct thorough analyses, according to a new study by West Monroe Partners and Mergermarket that surveyed top-level corporate executives and private equity partners about their companies’ practices. The results provide a window into the trends that shape the diligence process, as well as insights into the ways it can be improved. We summarize the study’s key findings. See also “Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part One of Two)” (Sep. 16, 2015); Part Two (Sep. 30, 2015).

  • From Vol. 2 No.14 (Jul. 6, 2016)

    Mitigating Cyber Risk in M&A Deals and Third-Party Relationships

    Ensuring that a target, or a third-party vendor, has adequate cybersecurity controls before the company takes on the risks of that entity is of paramount importance in today’s cyber threat environment. At a recent PLI panel, counsel at Tiffany & Co. and EY shared advice for conducting M&A due diligence, including specific questions to ask, and presented a five-step plan for assessing and addressing data security and privacy risks that accompany third-party vendor relationships. See also “Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part One of Two)” (Sep. 16, 2015); Part Two (Sep. 30, 2015).

  • From Vol. 1 No.13 (Sep. 30, 2015)

    Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part Two of Two)

    The role of general counsel and compliance officers in pre-transaction due diligence is becoming increasingly integral in companies’ acquisitions processes.  Relatively new on their growing list of due diligence items are cybersecurity and data privacy issues.  For some deals, discovering problems in those areas will prompt a party to end the process.  But in other transactions, the parties will tackle the issues and find a solution to finalize the deal.  This article, the second in our two-part series on M&A cybersecurity best practices, examines how to handle cybersecurity problems when they are discovered, when to walk away and how to manage risk, remediation and integration when the deal does move forward.  Part one focused on cybersecurity and data privacy due diligence.  It also discussed proactive measures each side can take to facilitate a smooth transaction.  See also “Cybersecurity and Information Governance Considerations in Mergers and Acquisitions,” The Cybersecurity Law Report, Vol. 1, No. 7 (Jul. 1, 2015).

  • From Vol. 1 No.12 (Sep. 16, 2015)

    Tackling Cybersecurity and Data Privacy Issues in Mergers and Acquisitions (Part One of Two)

    Ensuring a target company has strong cybersecurity and data privacy programs is quickly becoming a pillar of merger and acquisition due diligence.  In this two-part article series, we explain how these issues can be handled before, during and after the deal to ensure that a company’s data remains safe, compliant and in line with any privacy policies or other agreements.  Part one focuses on cybersecurity and data privacy due diligence and proactive measures an acquiring company, as well as a target, can take to facilitate a smooth transaction, with examples from companies such as Disney and Instagram.  Part two will examine how to handle cybersecurity problems when they are discovered; when to walk away; and how to manage risk, remediation and integration when the deal does move forward.  See also “Cybersecurity and Information Governance Considerations in Mergers and Acquisitions,” The Cybersecurity Law Report, Vol. 1, No. 7 (Jul. 1, 2015).

     

  • From Vol. 1 No.7 (Jul. 1, 2015)

    Cybersecurity and Information Governance Considerations in Mergers and Acquisitions

    The growing impact of cyber incidents has led to a heightened need to conduct a thorough cyber due diligence both before and after an M&A deal.  In a recent webinar, Reed Smith partners Anthony J. Diana, Courtney C.T. Horrigan, Mark S. Melodia and Richard D. Smith shared insight on how cybersecurity affects the valuation of certain assets and offered advice on how to focus due diligence to detect and assess cyber risks pre-transaction, including litigation risks that can arise from data breaches.  They also recommended specific steps for planning post-closing data integration and evaluating the adequacy of insurance coverage.  See also “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015); Part Two of Two, Vol. 1, No. 2 (Apr. 22, 2015).  There has been a flurry of data breach activity over the past 10 years, and “it is only increasing in pace,” Melodia noted.  A company’s cyber risk can directly affect its value in an M&A context.  This is where “cyber risk meets the deal,” he said.
