M&A transactions increase cyber-attack vulnerability, warns lawyer

Cybersecurity risks are high when it comes to the M&A market, a recent global survey has found.

M&A transactions increase cyber-attack vulnerability, warns lawyer
Cybersecurity risks are high when it comes to the M&A market, a recent global survey has found. 

According to the global survey by Freshfields Bruckhaus Deringer, 78 per cent of respondents believe cybersecurity is not analysed in great depth or specifically quantified as part of the merger and acquisition due diligence process, with 83 per cent of respondents believing a deal could be abandoned if previous breaches were identified. 
Alec Christie, partner at DLA Piper said businesses need to place more emphasis on ensuring cybersecurity strategies are employed, particularly during the M&A due diligence process. 
The risk during the M&A process is high, with the average cost to businesses for a cyber-security breach in Australia costing an average of $2.8 million. Businesses can now be fined up to $1.7 million under the privacy act and in some cases; businesses have seen a hit to their reputation and even a drop in the share price as a result of a cyber-attack.
“In anyone’s language, I would think that would be significant enough to warrant attention in an M&A to warrant a question about what cyber incidents there have been, what the risk management plan is and how you deal with it,” he said.
Christie said failing to ensure a cybersecurity risk strategy is in place should be considered a breach of duty of care by company directors, and finding management strategies for cyber-security breaches are the key to minimising risk to companies during an M&A transaction. 
“The fact that they have had an incident is not the issue, the fact is, how have they dealt with it, how did they swing into action, what the damages were that arose from it and are they now in a better position after that point,” he said.  “You’ll never eliminate cyber-attacks, unfortunately anymore, that’s the world we live in but what you’re trying to do is manage the risk and minimise the potential liability both from a cost and reputation point of view… the question should be, what is your cyber/ personal information security risk management plan… if there’s nothing, alarm bells should be going off.”
He said the fact that cybersecurity is not a focus company wide, is the reason it’s often overlooked during a transaction. 
“A lot of M&A lawyers because their clients and what they have seen haven’t been focussed on cyber-risk or cyber-management as an issue, they simply haven’t brought it into their thinking in due diligence checklists, in their M&A issues and things like that.”

Free newsletter

Subscribe to our FREE newsletter service and we’ll keep you up-to-date with the latest breaking news, cutting edge opinion, and expert analysis affecting both your business and the industry as whole.

Please enter your email address below and click on Sign Up for daily newsletters from Australasian Lawyer.

Recent articles & video

Service to others is ‘a way of life’ for Maurice Blackburn principal

US DOJ calls for Affordable Care Act to be struck down

New managing partner celebrates first day on the job at Carroll & O'Dea Lawyers

JWS appoints new managing partner

Game Legal advises on cross-border e-sports team-up

Reed Smith celebrates 40th year in APAC with new managing partner

Most Read Articles

G+T raises a glass to drinks giant on the closing of largest M&A transaction in Australia for 2019

Seven make partner at Corrs Chambers Westgarth

JWS appoints new managing partner

Maddocks advises in sale of New Zealand medtech company