Co-Founder Heather Haughian featured in an article by Dark Reading about Cyber Due Diligence in M&As

Culhane Meadows’ co-founder and managing partner Heather Haughian was recently featured in an article by Dark Reading which discusses the importance of cybersecurity due diligence in mergers and acquisitions.

Here are a few excerpts from the article:

Imagine getting ready to spend billions of dollars on an acquisition, only to find out that the target of the acquisition was the victim of multiple cyberattacks affecting billions of accounts. One would think such a scenario would be a huge red flag that no corporate board or general counsel would ever forget, regardless of the size of the acquisition, but that clarion call does not seem to be heard universally.

The right time to start evaluating the cybersecurity risk profile of an acquisition target, experts agree, is early on in the due diligence process. Too often due diligence is limited to balance sheets, sales operations, and outstanding legal obligations, with cybersecurity, compliance, and technical compatibility of security tools left to the end of the discussion, if they are discussed at all.

Assessing Vulnerabilities

Cyber criminals often watch mergers and acquisitions activity, looking for a potentially weak target being acquired by a stronger company, especially one that might have a lot of valuable information for the cybercrooks, notes Heather Clauson Haughian, founder and managing partner at the Atlanta-based law firm Culhane Meadows. Once the acquisition goes through, it would not be uncommon for the target firm to get attacked with the hopes of breaching a weak link and thus accessing the more lucrative part of the merged companies.

Another vulnerability occurs when organizations with differing compliance requirements join, Haughian says. While the acquiring organization might be well versed in its own compliance reporting requirements, it might not have the same expertise with the company it acquires.

If the acquiring company does not employ compliance experts for the acquired company’s operations, there could be a gap in compliance reporting, along with missed opportunities to layer security controls over the acquired company, leaving it vulnerable to a cyberattack, she says.

Read the entire article HERE.

*Culhane Meadows is ranked by U.S. News/Best Law Firms in Technology Law, Bankruptcy/Reorganization Law, and Information Technology Law. This website and the communications herein may be considered attorney advertising. Previous results are not a guarantee of future outcome. This website is for informational purposes only and does not constitute legal advice. The information herein is not intended to create an attorney-client or similar relationship. Until you establish such a relationship and receive an engagement letter, you have not hired a Culhane Meadows attorney nor become a client of the firm. Whether you are a new or existing client of the firm, Culhane Meadows must determine that there is no conflict of interest and that it is willing and otherwise able to accept the new engagement before representing you on a new matter. Only if and after Culhane Meadows has informed you it is willing and able to accept your new matter should you send the firm any information or documents that you consider private or confidential. Such information will not be treated as private, confidential or otherwise protected from disclosure until Culhane Meadows has communicated in writing that it is willing and able to accept your new matter and provide you with legal counsel. Whether you need legal services and which lawyer or law firm you select are important decisions that should not be based on this website alone.

Accessibility Toolbar