civiccenter.jpg

Cyber Security Concerns in M&A Transactions

Apr 13, 2016

Cyber Security Concerns in M&A Transactions 

By John Lonnquist

               Why is cyber security such an important consideration in mergers and acquisitions? Because you could be buying an enormous amount of unknown liability.  Cyber security is becoming a key factor in analyzing the amount of risk that a financial strategic buyer will take on after an acquisition.  A company’s ability to effectively protect its systems and data and mitigate its exposure will have a direct effect on how much a potential buyer is willing to pay for an acquisition. 

               What is the cyber risk in and M&A transaction?  While acquisition specific, in a nutshell it could be the following:

  • Theft of intellectual property or trade secrets
  • Loss of sensitive business information and strategies
  • Loss of customer/employee data
  • damages to reputation and employee/consumer confidence
  • Litigation and compliance risk
  • Remedial expenditures
  • Loss of shareholder value

               So, generally speaking, what should an acquirer look for when assessing a merger or acquisition?

  • Ensure the seller has strong cyber security and data privacy programs and protection
    • Identify and evaluate data risks
    • Identify and evaluate regulatory risks
    • Is there an emergency response plan in place, has it ever been implemented (or tested) in the past?
    • What cyber security insurance coverage is in place?
    • Identification of legacy systems
  • Understand the liabilities the buyer may be assuming at closing
  • Incorporate any liabilities into appropriate documents for the M&A transaction in the form of price adjustments, hold-backs representations, warranties, and indemnities.

 

To fully evaluate the cyber security risks in an M&A transaction specialized cyber security consultants should be hired along with legal counsel. Both the legal and technical risks need to be fully evaluated so that the risks can be properly allocated, the price can be properly adjusted and contingencies can be put in place before completing the transaction.  The last thing a buyer wants is to find themselves to be the proud owner of a company facing a cyber security lawsuit.  The attorneys at MLMW regularly handle M&A transactions and work with outstanding cyber security consultants and advisors. 

 

(Mallon Lonnquist Morris & Watrous, PLLC, is a business, employment, real estate, and litigation law firm. John Lonnquist is a Colorado business attorney with MLMW, based in Denver, Colorado. John regularly represents clients on cyber security matters and M&A transactions. John can be reached at jlonnquist@mlmw-law.co and (303) 722-8261)



Category: M&L Legal Posts