Cyber Threats May Be Directed at Your Merger or Acquisition

Cyber criminals are focusing on M&A transactions like never before, and unless you assume the risk, “Buyer Beware!” There are several threats to information systems during the M&A process, both from internal and external factors.

As with any other business process evaluation during an M&A transaction’s due diligence process, there are several documents and procedures that should be reviewed when considering inside and outside threats. These include, but are not limited to, threats from unhappy employees who may feel that they are not getting what they deserve or from enterprising criminals who want to profit.

Security and data privacy:

Does the organization have a security policy that is documented and enforced?
Does the organization have a data privacy policy that is documented and enforced?
Does the organization have an incident response policy that has been tested within the past year?

Patching and change management policy:

Are systems in the target’s enterprise kept up-to-date with security patches?
Are they only running vendor supported operating systems and applications?
Does the organization have a strong change management process, and do they enforce that process?

Security assessments:

Does the organization regularly (at least annually) have a third-party audit of its IT processing procedures?
Does the organization have third-party penetration testing of its network and system security?
Does the organization rely on cloud services? Does the organization know the countries in which the cloud provider stores, transmits and processes its data?

These questions, among others, must be included in the due diligence checklist in any M&A transaction.

Gardere Wynne Sewell LLP has a long history of directing its clients through mergers and acquisitions. The expansion of the cybersecurity and privacy legal services team, in coordination with M&A efforts that Gardere is known for, provides a solid footing for developing and assessing the seller’s cybersecurity and information security policies and procedures prior to execution of any transaction.

Author(s)

Christopher Converse

Partner

cconverse@foley.com

Related Services

Sectors

Innovative Technology Cybersecurity & Data Privacy

Practice Areas

Mergers & Acquisitions Cybersecurity

Insights

The Current State of FinTech

27 September 2023

Foley Ignite

What Every Multinational Company Should Know About . . . The Foreign Trade Antitrust Improvements Act

27 September 2023

Manufacturing Industry Advisor

Startup Advisors: Why Use an Incorporation Service?

27 September 2023

Foley Ignite

Foley Automotive Update

26 September 2023

Dashboard Insights

Diane Hazel Comments on FTC-Amazon Antitrust Suit

27 September 2023

Reuters

Foley Represents Bioluminescence Ventures as Lead Investor in ReCode Therapeutics Series B Funding Extension

27 September 2023

Foley Serves as Lead Counsel to UF Health in Acquisition of Flagler Health+

27 September 2023

Foley Serves as Legal Adviser to Take Command in $25M Growth Funding Round

25 September 2023

AI Summit New York 2023

6-7 December 2023

New York, NY

American Conference Institute’s Advanced Forum on Telehealth

15-16 November 2023

New York, NY

Feeling Insecure About SECURE 2.0? A Discussion for Retirement Plan Sponsors

1 November 2023

Webinar

Moss Adams 2023 Executive Health Care Conference

1-3 November 2023

Las Vegas, NV