Volume: 3 Issue: 4
A corporate network breach can have lasting consequences not only for the company’s customers and existing stakeholders, but also for its future acquirers and successors. The reason even a single cyber security incident can be material is by now well understood, and a constant focus of shareholders, boards, lawmakers, regulators, consumer data breach victims, and even international standard setting bodies. Simply put, today’s market leaders across nearly every sector of industry have made their mark through the rapid adoption of technology, coupled with the broad collection, use, and sale of all sorts of data, and lots of it. It comes to follow that today’s mergers and acquisitions (‘M&A’) are saddled with business and legal considerations involving privacy and cyber security that simply did not exist 20 years ago. These considerations are particularly acute for transactions that involve companies with large quantities of sensitive personal data, or whose value materially relies upon the protection of trade secrets; or, in relation to the networks themselves rather than the data that resides on them, companies that operate critical systems or manufacture devices that require high process integrity and guaranteed levels of service availability. Steven R. Chabinsky, Kevin L. Petrasic and Helen Y. Lee of White & Case LLP, provide a detailed breakdown of cyber security due diligence for M&A transactions.