This Cooley blog draws some lessons for dealmakers from the cybersecurity problems experienced in the Verizon/Yahoo! & Telstra/Pacnet transactions. Here’s an excerpt addressing the initial cyber risk assessment:
The acquirer should consider the cybersecurity exposure that the acquisition of the target may impose. To determine such exposure, a variety of techniques could be used in performing a review of the target. An overall cyber risk assessment early in the process can provide a general idea of the general cyber maturity of the target. In addition to a diligence review of the target’s cyber documentation (e.g., security policy, incident response policy, access control policy, etc.) by the acquirer’s legal team, a well-developed cyber questionnaire could provide a decent perspective on the cyber aspects of the target’s operations.
This Norton Rose blog also offers tips for buyers on how to approach cybersecurity due diligence.
– John Jenkins