Data privacy and cyber-security issues play a progressively prominent role when evaluating a possible company merger or acquisition target. Knowing a way to manage these issues might mean the difference between a mergers and acquisitions ( M&A ) transaction and one that quickly turns into a liability nightmare for the customer. As data privacy, cybersecurity, and data breach risks are necessary due diligence problems in mergers and acquisitions. Post-acquisition discovery of security issues and even notifiable breaches could be a way too common situation.
Verizon’s acquisition of Yahoo in February 2017 provides a recent, high-profile example. Verizon ultimately determined to move forward with the acquisition, even after discovering that Yahoo had suffered 2 huge data breaches, compromising over one billion user accounts. The foremost extremely publicized example of a merger or acquisition-related cybersecurity downside was Verizon’s discovery of a prior data breach at Yahoo! When having executed an acquisition agreement to acquire the corporate.
Over a third (40%) of acquiring corporations engaged in a very merger and acquisition dealings aforesaid they found a cybersecurity downside throughout the post-acquisition integration of the acquired company. Thus, 80th of respondents aforementioned that cybersecurity issues became extremely necessary within the M&A due diligence method whereas 70th of respondents aforementioned compliance issues are one amongst the foremost common forms of cybersecurity problems uncovered throughout due diligence, whereas 400th aforementioned a lack of comprehensive security design is also common.
Even for those acquiring corporations that shall inspect data security problems as a part of the M&A due diligence method. More often than not, the lawyers ask a battery of routine, privacy-related queries of a corporation even when that company doesn’t collect or handle consumer personal data. The main focus on data privacy, and not security more generally, is due partially to a general lack of awareness of broader cybersecurity issues, and a hyperawareness of the risks related to data breaches. To a large degree, an emphasis on data breach risks isn’t shocking since corporations should publically disclose breaches of private data to customers, and also the media often focuses considerable attention on these breaches, particularly large-scale ones.
This summarizes the growing potential issues like legal, financial, reputational, and operationally associated with cybersecurity, and additionally provides practical solutions on the way to identify, understand, and mitigate those risks throughout the merger or acquisition due to diligence method.
Therefore, in any merger and acquisition deal, conducting a strong level of due diligence is merely the battle. Putting in place representations and warranties during a purchase agreement, significantly as it considerations data privacy and cyber-security matters, is turning into an increasingly vital measure in guaranteeing a smooth and safe transaction.