As corporate boards and executive management get more involved in understanding their own company’s cybersecurity posture, it only makes good sense that they would want to know similar information about an acquisition target. Most companies depend on digital assets, whether in the form of customer data, trade secrets or business plans. Those assets are not only vulnerable to theft or destruction, they also may trigger complicated and evolving cybersecurity and privacy mandates from a variety of regulators in the United States and abroad.
Cybercrime has emerged as one of the foremost threats a company faces. As a result of a few keystrokes, a company may find its customers’ data sold on the dark web, its intellectual property in the hands of a competitor, or its operations paralyzed by ransomware.
Thus, cybersecurity due diligence is quickly becoming – and should be – an important aspect of any M&A transaction.