Chapter 11 – Cybersecurity Considerations During M&A Phases – Cybersecurity For Business

CYBERSECURITY FOR BUSINESS

Chapter 11 - Cybersecurity Considerations During M&A Phases

summary

Cybersecurity diligence during M&A calls for a two-pronged approach. Companies must conduct rigorous due diligence on the target company’s cyber risks and assess their related business impact throughout the deal cycle to protect the transaction’s return on investment and the entity’s value post-transaction. In addition, all parties involved in the deal process need to be aware of the increased potential for a cyberattack during the transaction process itself, and should vigilantly maintain their cybersecurity efforts. Applying this two-pronged approach during M&A will serve to ultimately protect stakeholder value.

Key Ideas

In the current landscape, cybersecurity due diligence often receives limited focus under tight time constraints.
Acquirers need to conduct cyber risk assessments as early as possible in the process.
During the identification phase, acquirers need to identify the cybersecurity risks before engagement with the target, model the financial impact, and understand the regulatory environment.
During the due diligence phase, acquirers need to estimate the cost of cyber risk remediation in order to meet defined standards under transitional services arrangements.
During the integration phase, acquirers need a plan to remediate compliance concerns, address risk exposure, and integrate security operations—wherever appropriate.