John Silas Jack Reed (1887-1920) was an American journalist, poet, and socialist activist, best remembered for his first-hand account of the Bolshevik Revolution, Ten Days That Shook the World. He was married to writer and feminist Louise Bryant. Reed died in Russia in 1920 and is one of only three Americans buried in the Kremlin Wall Necropolis. Reed's short life as a revolutionary writer and activist made him the hero of a generation of radical intellectuals.
Cybersecurity due diligence is rapidly becoming a critical factor of the decision-making calculus for a corporation contemplating a merger, acquisition, asset purchase or other business combination; an organization taking on a new vendor, partner or other alliance; or a private equity firm purchasing a new portfolio company.
In every industry, cybersecurity weaknesses represent a significant threat to the operations, reputation and the bottom line of all companies, whatever their size and wherever their location. Poor cybersecurity at any company creates tremendous risk for any suitor who buys that company, merges with that company, partners with that company or hires that company as a vendor. The mantra underlying cybersecurity due diligence concerns is simple: No matter what the terms, when adding, partnering or working with another enterprise, a company is taking on that company’s data troubles and attendant data risks. Consider corporate business combinations and corporate vendor management:
Corporate Business Combinations. For corporate mergers and acquisitions and other changes in control, vigorous cybersecurity due diligence not only better informs deal terms and deal value but can also signal early deal-breakers, saving buyers from unforeseen financial costs, regulatory liabilities, technological integration headaches or even bankruptcy. Aside from offering additional opportunities to more closely assess the risk of business combinations, cybersecurity due diligence analysis can impact valuation and contracting issues as well. Without a fully developed understanding of a company’s cybersecurity profile, a company cannot:
• Fully appreciate the value of another company, whether acquisition target, partner or vendor;
• Meaningfully identify and execute whatever opportunities exist for strengthening cybersecurity; and
• Thoughtfully draft data-related provisions in the transaction’s or vendor’s agreements, so that where possible, parties can implement post-transaction cybersecurity solutions.
Corporate Vendor Management. For corporate vendor management, cybersecurity due diligence has become similarly essential. Given that cyber-attackers will often traverse a company’s network and gain entry into the networks of its vendors or vice versa, third-party vendors have become one of the more prevalent attack vectors in the most recent cyber-attacks, as cybersecurity shortcomings of third-party vendors have become a cybercriminal’s dream.
Cyber risks are real and costly, and the most forward-thinking companies assess the cyber health and safety of an enterprise before committing to a significant investment or relationship. Likewise, a company or vendor can strengthen its attractiveness as a partner or a takeover target by conducting “self” cybersecurity due diligence to demonstrate the fitness of its enterprise.
The stakes are extraordinarily high for everyone involved when contemplating cybersecurity. That is why I wrote The Cybersecurity Due Diligence Handbook. My goal is to present highly technical cybersecurity subject matter in plain English and to help due diligence teams identify and manage cybersecurity risk. I want to empower due diligence teams with a thorough and comprehensive reference resource – no matter how complex and dynamic the merger, acquisition, partnership, vendor relationship or other contemplated business combination and collaboration.