A recent study from West Monroe Partners highlights the continued and increasing focus on data privacy and cyber-security issues in M&A transactions.
The report notes that compliance problems at target companies are the most common cyber-security issue uncovered during the due diligence process. It also notes that 40% of acquirers had discovered a cyber-security issue after a deal had closed, thus suggesting that there is significant room for improvement on the level of due diligence focus given to cyber-security matters during the pre-closing period.
Taking that a step further, acquirers will want to consider implementing a comprehensive review of a target company’s data privacy matters, rather than merely including one or two "check the box" questions on a due diligence questionnaire.
Given the ever changing sophistication of cybercriminals, let alone the fact that many companies provide employees with the ability to access IT systems through non-company owned equipment (ie. telecommuting from home computers and mobile devices), the risk of data being lost, stolen, misdirected or misappropriated is simply unavoidable.
Just how quickly acquirers can come to terms with a target’s risks, however, will not only help mitigate data losses, but will also help acquirers quantify the inevitable costs that will be required to be incurred to address issues (which no doubt will affect company valuations and purchase price multiples).
Andrew L. Share is managing partner of Nixon Peabody’s Manchester, New Hampshire, office. He specializes in corporate, commercial and business law matters, particularly in M&A, IP licensing and technology transactions and business process outsourcing. Read more Nixon Peabody blogs here.