October 28, 2016

M&A Cybersecurity: Diligence Lessons From Recent Deals

This Cooley blog draws some lessons for dealmakers from the cybersecurity problems experienced in the Verizon/Yahoo! & Telstra/Pacnet transactions.  Here’s an excerpt addressing the initial cyber risk assessment:

The acquirer should consider the cybersecurity exposure that the acquisition of the target may impose. To determine such exposure, a variety of techniques could be used in performing a review of the target.  An overall cyber risk assessment early in the process can provide a general idea of the general cyber maturity of the target.  In addition to a diligence review of the target’s cyber documentation (e.g., security policy, incident response policy, access control policy, etc.) by the acquirer’s legal team, a well-developed cyber questionnaire could provide a decent perspective on the cyber aspects of the target’s operations.

This Norton Rose blog also offers tips for buyers on how to approach cybersecurity due diligence.

John Jenkins