Cybersecurity diligence during M&A calls for a two-pronged approach. Companies must conduct rigorous due diligence on the target company’s cyber risks and assess their related business impact throughout the deal cycle to protect the transaction’s return on investment and the entity’s value post-transaction. In addition, all parties involved in the deal process need to be aware of the increased potential for a cyberattack during the transaction process itself, and should vigilantly maintain their cybersecurity efforts. Applying this two-pronged approach during M&A will serve to ultimately protect stakeholder value.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Andrew Cotton is a Partner and Americas Cybersecurity Leader for EY in which role he has responsibility for cross-service line, cross-channel evaluation and refinement of EY’s cybersecurity strategy and tactical operating plans. He has more than 25 years of industry experience serving EY’s largest global technology clients in the San Francisco Bay Area. Andrew has previously served on the Firm’s Partner Advisory Council and as the Americas Software Sector Leader, at which time he developed the firm’s technical guidance in that area. He has a Master of Arts degree from Oxford University.