The Business Law Blog
Today’s companies store all kinds of data in the cloud and on various computers and devices. This includes intellectual property, personnel information, credit card and bank account details. In many cases that data includes sensitive information that could fall prey to cyberattacks and hackers if it’s not kept safe. Those risks are forcing potential buyers of a business to question the acquisition of companies they are considering. The potential buyer of a company dives deeper into their target’s cybersecurity efforts during the due diligence process.
How Much Do Cyberattacks and Data Breaches Cost Companies
While you might think hackers only target larger corporations, cyberattacks and data breaches are on the rise in all sized companies. According to the Ponemon Institute’s 2018 State of Cybersecurity in Small & Medium Size Businesses report, 68 percent of respondents reported a cyber attack in 2018, up 6% from 2017. For incidents that involve customer and employee information, 58 percent of respondents reported these data breaches in their company. That was up 4% from the previous year.
The aftermath of a data privacy breach can be costly. Companies spent on average $1.43 million to replace damaged or stolen IT assets. That is a 33% increase from the year before! The disruption to normal operations cost these companies another $1.56 million on average.
What Data Privacy Breaches Mean During Acquisition Due Diligence
Any buyer would want to avoid these costly and common incidents. This is why evaluating a company’s cybersecurity and data privacy efforts during due diligence is so critical. Uncovering weak cybersecurity strategies may not kill a deal, but it will give buyers a better idea of the cost to shore up a company’s digital assets. A buyer has to consider that once the sale is done it could lower the actual value of the target, and the purchase price.
Here are some of the key tasks that are required to have your acquisition attorney, your top-level executives, such as your CIO and CFO, properly evaluate cybersecurity efforts and assets before any deal is closed.
Know What Data the Company Stores
Companies own a tremendous amount of electronic records. These are digital documents and audio recordings to anything else that’s stored on computers, laptops and in the cloud. Some of it is maintained in-house, but often IT consulting firms, independent contractors and other third parties may be storing the information.
During due diligence, it’s critical to create a complete list of every digital asset a company holds. Both internally and externally—before moving to the next steps to ensure that the proper protections are in place.
Assess the Company’s Digital Holdings
With an in-depth assessment of the company’s digital holdings, it’s time to look at its efforts to keep those assets safe. Cybersecurity audits should be done annually. This will provide an outline of all the company’s cybersecurity programs and highlight any vulnerable areas.
Review the company’s programs to determine if they reflect the rapidly changing technology landscape. Strong cybersecurity programs must be regularly updated to keep up with digital advancements and hackers.
Look at a Company’s Response to Previous Cyber Threats
There might be no better way to assess a company’s cybersecurity efforts than studying how they responded to a previous threat or attack. How was data breached? How quickly did they respond both internally and externally? What information was stolen or lost? What changes were made after the cyberattack?
The answers can help potential purchases of a business assess how seriously a company considers cybersecurity and data privacy, and whether their protocols are effective.
Data privacy isn’t just a good idea, it’s required. A variety of state and federal laws mandate that small, mid-sized businesses and of course corporations comply with cybersecurity regulations. California’s new data privacy law will go into effect soon. At the same time, foreign governments are shoring up protections for their citizens. As of May 2018, The European Union’s General Data Protection Regulation, set rules for how companies handle personal information.
During due diligence, companies must be able to demonstrate that they meet all required cybersecurity regulations. This includes their location, the customers they serve and their industry.
A lawyer who is well-versed in the issues of acquisition due diligence can streamline the process and identify legal ramifications of decisions made along the way. During due diligence, experienced lawyers can quickly uncover the opportunities and liabilities of a target company so buyers know they’re not only getting the best value. They must also protect themselves from problems and lawsuits related to data breaches and cyberattacks in the future.
We provide a dedicated team of experienced attorneys for your company, with all the experience and technology of a big law firm for half the price!
Cybersecurity audits must be done annually by all businesses and provides an outline of the company’s cybersecurity programs and reveal any vulnerable areas.read more
Master service agreements and statements of work are standard operating procedure for many corporations and midsize business owners. These documents spell out either the overall or per-project business relationship between parties, so everybody is on the same page as initiatives move forward.read more
Friends NYC is a 2200-square-foot indie department store / retail goodness that started as a friendship pact between wannabe-sisters Mary Meyer and Emma Kadar-Penner. “When we initially started our business, we were flying by the seat of our pants.”read more
When you’re considering a company to acquire, that process to vet the target and make the most informed decision for your business can get complicated. It’s the ultimate due diligence project.read more
Just as business owners have taken the smart steps to protect their trademark and other intellectual property here in the United States, they also need to take action to safeguard their assets when they do business abroad.read more
Meet Jason Shaw – Founder of Decodist, a company that addresses the gap in the website development industry. Decodist makes high-value technology more accessible to small businesses. The company plans to scale out Decodist on an international level, and...read more
When deciding to sell a company, business owners have plenty of critical and complicated decisions to make. And among those tasks is selecting the appropriate legal structure for the sale itself.read more