Chances are that you or someone you know has been the victim of a data breach. The high number of cyberattacks and data breaches, now reported almost daily, calls attention to the importance of addressing these areas in the due diligence process in M&A deals.
Whether a target company has had issues with cybersecurity breaches in the past is a question that should be on the top of all acquirer’s minds, especially if that target has an online presence. If the target is a consumer facing business who regularly collects personal information, acquirers should focus its due diligence requests on the security practices of the target. Has the target implemented credit card tokenization? Have they updated their point-of-sale systems? How long do they retain customer information? If a target does not have a consumer base, the due diligence may instead focus on other areas, including how the target protects its trade secrets or confidential information. Continue Reading