Best Practices for Cybersecurity and IT Due Diligence Engagements
Should you spend your due diligence budget for your next merger or acquisition on cybersecurity professionals or accountants? While due diligence has long been within the purview of accountants and deal attorneys, the current business and IT climate demands that an organization making an acquisition perform due diligence on the security posture and compliance status of its target, regardless of the industry in which the target operates. Due diligence engagements aim to answer important questions, including:
- Has the target organization built an information security program?
- Has it conducted security testing?
- Is it following privacy regulations?
- What are its compliance and contractual requirements, and are those requirements being met?
- How does the potential acquisition affect current compliance certifications for both parties?
- How difficult is it for the buyer to integrate into the target’s existing technical platform and are transition services needed?
Perhaps the most important question of all — how do the answers to the above questions impact the deal from a risk and valuation standpoint?
Join us for the next Midwest Cyber Security Alliance virtual meeting, during which Brad Lutgen and Kevin Bong from Sikich’s cybersecurity practice, together with Jennifer Urban from Foley & Lardner, will discuss what should be covered in a cybersecurity and IT due diligence engagement. The presenters will dig into specifics on various services, talk about actual acquisitions and the fallout from poorly executed due diligence, and cover the expectations of insurance companies when they provide rep and warranty insurance coverages on a deal. You will walk away with an understanding of how information security and IT professionals from your organization should plan for its next acquisition, or how those same teams can prepare to be acquired.
There is no fee to attend this event, but advance registration is required. To register, please click here.
Continuing legal education (CLE) credits will be applied for after the program in all applicable states. Foley & Lardner LLP certifies that this activity has been approved for California MCLE credits by the State Bar of California. Foley & Lardner LLP is a State Bar of California MCLE approved provider. To be eligible for CLE credit, you will need to be logged into the meeting for the full duration of the live event; credit may not be obtained by viewing and/or listening to a program recording after the event. Your first and last names must also be entered upon joining the meeting and displayed throughout the program. Additionally, you will need to complete and return the Attorney Affirmation Form that will be made available. Certificates of attendance will be distributed to eligible participants via email approximately eight weeks after the program. Important information for New York attorneys: This program is appropriate for experienced attorneys only.
This program may be eligible for continuing privacy education (CPE) credit toward CISA, CISM, CGEIT, and/or CRISC certifications and maintenance. Please visit the ISACA website to review the specific CPE requirements for your certification and verify whether the topic(s) addressed in this program align with one or more of your certification’s job practice areas: CISA, CISM, CGEIT, CRISC. If determined to be eligible, an ISACA Verification of Attendance form will be made available for self-reporting purposes.