DealLawyers.com Blog

Here’s an excerpt from this Akin Gump blog:

Companies are at increased risk during the time of an acquisition:

– They may not be fully investing in updates and system upgrades.
– Data shows an average of 200+ days for companies to detect advanced persistent threats, so the impact of a cyber deficiency in an acquired company may not be visible immediately.
– The acquirer may not be engaged sufficiently on cyber and information technology issues immediately after its investment to catch weaknesses and allocate resources quickly.

Directors who serve on multiple boards of directors face special issues:

– Cybersecurity is an enterprise risk management issue that must be evaluated to meet fiduciary duty standards.
– Boards cannot simply rely on management, and they should be aware of comparative cybersecurity practices with other companies on whose boards they serve.