How to ensure you are protected from Cybersecurity risks across your portfolio of companies.
Acquiring companies need to assess cyber risks as part of the Mergers & Acquisitions due diligence process to ensure that they are not acquiring a data breach. However, the lawyers conducting such diligence do not adequately understand the current cyber threat landscape or don’t understand the particular cybersecurity risks associated with the target company.
We help fill in that gap by:
- Asking whether the selling company has experienced any prior cybersecurity incidents, including data breaches, and how it has responded to such incidents.
- Identifying the privacy and cybersecurity risks the target company faces given its industry sector.
- Understanding the network and system architecture and data flows, including the use of cloud providers and third-party applications.
- Understanding the extent to which the selling company gathers and uses personal information, especially customer personal information and highly sensitive proprietary information.
- Reviewing commitments and representations made by the selling company to its users and customers in connection with privacy and security issues, including contractual obligations.
- Recognizing whether the acquirer will need to obtain any consents to use personal or private information of the selling company post-closing.
- Assessing the current information security maturity level and recommend a roadmap to mitigate the identified risks.