M&A transactions increase cyber-attack vulnerability, warns lawyer

Cybersecurity risks are high when it comes to the M&A market, a recent global survey has found.

Cybersecurity risks are high when it comes to the M&A market, a recent global survey has found. 

According to the global survey by Freshfields Bruckhaus Deringer, 78 per cent of respondents believe cybersecurity is not analysed in great depth or specifically quantified as part of the merger and acquisition due diligence process, with 83 per cent of respondents believing a deal could be abandoned if previous breaches were identified. 
Alec Christie, partner at DLA Piper said businesses need to place more emphasis on ensuring cybersecurity strategies are employed, particularly during the M&A due diligence process. 
The risk during the M&A process is high, with the average cost to businesses for a cyber-security breach in Australia costing an average of $2.8 million. Businesses can now be fined up to $1.7 million under the privacy act and in some cases; businesses have seen a hit to their reputation and even a drop in the share price as a result of a cyber-attack.
“In anyone’s language, I would think that would be significant enough to warrant attention in an M&A to warrant a question about what cyber incidents there have been, what the risk management plan is and how you deal with it,” he said.
Christie said failing to ensure a cybersecurity risk strategy is in place should be considered a breach of duty of care by company directors, and finding management strategies for cyber-security breaches are the key to minimising risk to companies during an M&A transaction. 
“The fact that they have had an incident is not the issue, the fact is, how have they dealt with it, how did they swing into action, what the damages were that arose from it and are they now in a better position after that point,” he said.  “You’ll never eliminate cyber-attacks, unfortunately anymore, that’s the world we live in but what you’re trying to do is manage the risk and minimise the potential liability both from a cost and reputation point of view… the question should be, what is your cyber/ personal information security risk management plan… if there’s nothing, alarm bells should be going off.”
He said the fact that cybersecurity is not a focus company wide, is the reason it’s often overlooked during a transaction. 
“A lot of M&A lawyers because their clients and what they have seen haven’t been focussed on cyber-risk or cyber-management as an issue, they simply haven’t brought it into their thinking in due diligence checklists, in their M&A issues and things like that.”

Recent articles & video

White & Case partner among new vice-chairs for ICC arbitration and ADR commission

LegalVision practice leader wants to pay mentorship forward

Treasury Corporation of Victoria taps Allens for advice on stamp duty reform program

US law firm avoids immediate sanctions over fake claims in Visa and Mastercard settlement

Report reveals law firms in San Francisco and Los Angeles move out of downtown areas

New ‘Good Governance’ Code introduced in the UK to ensure lawful and effective council operations

Most Read Articles

Kain Lawyers scoops up ex-PwC Australia legal business head as director

Global firms bring A-game to support Orana BESS project

Revealing the top influencers in Australia’s legal profession for 2024

Maddocks pitches in on $1bn medical merger