Cyber criminals are focusing on M&A transactions like never before, and unless you assume the risk, “Buyer Beware!” There are several threats to information systems during the M&A process, both from internal and external factors.
As with any other business process evaluation during an M&A transaction’s due diligence process, there are several documents and procedures that should be reviewed when considering inside and outside threats. These include, but are not limited to, threats from unhappy employees who may feel that they are not getting what they deserve or from enterprising criminals who want to profit.
Security and data privacy:
Patching and change management policy:
Security assessments:
These questions, among others, must be included in the due diligence checklist in any M&A transaction.
Gardere Wynne Sewell LLP has a long history of directing its clients through mergers and acquisitions. The expansion of the cybersecurity and privacy legal services team, in coordination with M&A efforts that Gardere is known for, provides a solid footing for developing and assessing the seller’s cybersecurity and information security policies and procedures prior to execution of any transaction.