Given the increasing frequency of cybercrime and online security breaches, cybersecurity has moved to the forefront of importance when evaluating M&A prospects. Acquirors want to ensure that they are receiving the full value of what they are purchasing and protect themselves against any possible data breaches that can result in reputational, legal, or financial harm.

A report by the New York Stock Exchange Governance Services surveyed 276 directors and officers of public companies to determine how the growing presence of cybersecurity threats has had an impact on their M&A due diligence process. The report indicates that:

  • 66% of respondents include a security audit of the target's software applications;
  • three-quarters of respondents place the quality of intellectual property as a top consideration in their due-diligence process and say that a high-profile data breach would have serious implications on a pending transaction; and
  • 84% of respondents said that the discovery of a major vulnerability relating to a target's software assets would "likely" or "very likely" affect their final decision.

These data breaches can have serious implications for a business. Every major industry utilizes technology in a way that can result in serious damage to the company if a breach were to happen. We have seen recent high-profile data breaches across the board, from insurance companies and retail giants to universities across the United States.

Finding out the vulnerabilities of a company is one of the main reason for performing due diligence. During the due-diligence process, acquirors must not only examine possible data breaches that may have happened, but also look forward at the potential costs to bring a company "up to code" with their cybersecurity.

While companies are beginning to realize the importance of cybersecurity in the M&A due diligence process, they often don't have the technical skills to adequate assess a company's vulnerabilities. As a result, it may be necessary to develop their internal resources to overcome this weakness, or look to third-party specialists and consultants to assist with the due diligence process.

About Norton Rose Fulbright Canada LLP

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have 3800 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

For more information about Norton Rose Fulbright, see nortonrosefulbright.com/legal-notices.

Law around the world
nortonrosefulbright.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.