Cybersecurity Considerations During M&A Phases

In brief: Directors of companies involved in transactions should approach cybersecurity diligence with a two-pronged approach: 1) assess the target company’s cyber risks and their impact on the business deal both during and after the transaction, and 2) prepare for the increased potential of a cyberattack during the transaction itself. This tool, which originally appeared in the NACD Director’s Handbook on Cyber-Risk Oversight, provides steps for performing cybersecurity due diligence before, during, and after the transaction.

This resource can help your board

  • Understand how cybersecurity vulnerabilities can pose risks to a deal’s value in both the short and long term.
  • Conduct an analysis of the target company’s cyber risks during the due diligence and deal execution phases.
  • Continue to mitigate cyber risks in the integration phase.

Most relevant audiences: directors of companies undergoing a transaction, risk committee members, audit committee members, and chief information security officers.