After the second quarter of 2020 saw the lowest levels of global mergers and acquisitions in over a decade (US$485 billion, down over 50 percent from nearly $1 trillion last year), the trend is now pointing towards recovery. As M&A resumes, companies must prepare for the resurgence of legal due diligence work, including the growing importance of data privacy and security.
Cybersecurity issues carry significant implications for deal terms, deal value, and post-closing liability. With the risks resulting from the mass transition to remote working, having a comprehensive understanding of a target company’s cybersecurity risk profile is now even more crucial.
As a result, prospective purchasers must perform proper due diligence on target companies to learn of any data breaches and to ensure that appropriate safeguards are deployed against potential cyberattacks. If not, data breaches can result in a multitude of consequences, including unexpected remediation costs, loss of business, litigation and government fines.
In this study, we reviewed and analyzed Annual Reports on Form 10-K filed by companies in the Fortune 100 on EDGAR to determine the prevalence of cybersecurity incidents disclosed in risk factor disclosures, whether those incidents rose to a significant or material level, and to analyze whether insurance was mentioned in connection with cybersecurity, as well as the type.
Download the study to learn more about:
- The importance of reviewing cybersecurity practices and incidents for your clients or organization during the M&A process to understand the potential arisal of risks
- The negative impact of data breaches on M&A transactions, as seen by large corporations such as Marriott and Verizon
- Other factors to consider when performing cybersecurity due diligence, such as internal policies, management team and compliance, among others