Major cyber-attacks, like the one that targeted the Colonial Pipeline in May of 2021, may seem new and newsworthy to many. The reality is that the fuel service slowdowns Colonial faced are just one of the countless incidents that reduced or even stopped business altogether for firms across the country last year.
Key things you should know about cyber due diligence during M&A transactions
Cybersecurity due diligence represents a critical phase in the M&A transaction lifecycle. Without proper review, something that seems insignificant like an old computer system or the lack of proper security controls could cause problems during the integration phase or even prevent a close altogether. Understanding a company’s cyber risk profile can have large implications on the valuation of a company, the nature of the terms, and the future likelihood of a cyber-attack being catastrophic or not.
The cyber due diligence process begins by looking at the current coverages a company has. The loss history is assessed, and any prior breaches are examined. Understanding the current cyber risk exposures as well as the history of losses then aids in structuring the cyber due diligence that will cover the buyer if anything were to happen in the future.
Often, when cyber due diligence is left for last or overlooked entirely, the sell-side company will say they have adequate controls in place, and there should be no cause for concern. Then, years later, a loss occurs, and the buyer is left paying massive fees to fix the problem themselves. In cases like these, a different program called Representations and Warranties Insurance (RWI) could be added to provide excess coverage over the existing cyber policy. These decisions ultimately shape the profitability of the transaction as a whole.
Obtaining cyber due diligence as early in the process as possible ensures that the buy-side company will not have to deal with these issues. Having the cyber be a point of focus earlier rather than later in the due diligence process enables your broker to negotiate a tail that will cover future losses that result from past issues that go undiscovered.
Reach out to a BKS Advisor in our Private Equity Practice Group to discuss your unique risks and how we
Individuals and companies who need help navigating the complexities of insuring their assets should lean on experts who have proven success in helping clients get the coverage they need, even in a hard market. Contact us today to learn more about how we can help you assess your risk profile and protect your assets and investments.
This material has been prepared for informational purposes only and was generated from information provided to BKS from the client and/or third-party sources. Therefore, BKS makes no warranty or representation(s) as to the accuracy or appropriateness of the data and/or the analysis herein. This information is not intended to provide, and should not be relied on for, tax, legal or accounting advice. You should consult your tax, legal and accounting advisors for those services