Following cyber due diligence, acquiring companies should focus on carefully drafting M&A transaction documents, as many boilerplate reps and warranties regarding cybersecurity and privacy lack sufficient specificity. In addition, companies should develop a process governing internal due diligence and how and when to disclose cyber risks and events to the SEC. Proskauer partners Lauren Boglivi and Julie Allen provided guidance on these critical issues of documentation and disclosure at a recent event. In a companion article, we covered Boglivi and Allen’s remarks, in addition to those of Proskauer partners Kristen Mathews and Jeff Neuburger, about strategies for conducting cyber diligence on a target. See also “The Arc of the Deal: Tips for Cybersecurity Due Diligence Advisors in Mergers & Acquisitions From Beginning to End” (Jun. 28, 2017).