Culhane Meadows’ co-founder and managing partner Heather Haughian was recently featured in an article by Dark Reading which discusses the importance of cybersecurity due diligence in mergers and acquisitions.
Here are a few excerpts from the article:
Imagine getting ready to spend billions of dollars on an acquisition, only to find out that the target of the acquisition was the victim of multiple cyberattacks affecting billions of accounts. One would think such a scenario would be a huge red flag that no corporate board or general counsel would ever forget, regardless of the size of the acquisition, but that clarion call does not seem to be heard universally.
The right time to start evaluating the cybersecurity risk profile of an acquisition target, experts agree, is early on in the due diligence process. Too often due diligence is limited to balance sheets, sales operations, and outstanding legal obligations, with cybersecurity, compliance, and technical compatibility of security tools left to the end of the discussion, if they are discussed at all.
Cyber criminals often watch mergers and acquisitions activity, looking for a potentially weak target being acquired by a stronger company, especially one that might have a lot of valuable information for the cybercrooks, notes Heather Clauson Haughian, founder and managing partner at the Atlanta-based law firm Culhane Meadows. Once the acquisition goes through, it would not be uncommon for the target firm to get attacked with the hopes of breaching a weak link and thus accessing the more lucrative part of the merged companies.
Another vulnerability occurs when organizations with differing compliance requirements join, Haughian says. While the acquiring organization might be well versed in its own compliance reporting requirements, it might not have the same expertise with the company it acquires.
If the acquiring company does not employ compliance experts for the acquired company’s operations, there could be a gap in compliance reporting, along with missed opportunities to layer security controls over the acquired company, leaving it vulnerable to a cyberattack, she says.
Read the entire article HERE.