Guides & Studies

“Buying a Breach”: Cybersecurity in M&A Due Diligence

Download the study to learn more about:

  • The importance of reviewing cybersecurity practices and incidents for your clients or organization during the M&A process to understand the potential arisal of risks
  • The negative impact of data breaches on M&A transactions, as seen by large corporations such as Marriott and Verizon
  • Other factors to consider when performing cybersecurity due diligence, such as internal policies, management team and compliance, among others

Sign up for your free download

By submitting this request, you agree to Litera and Kira Systems using your contact information to communicate information about Kira Systems’ solutions and Litera services and offerings. We will likely need to transfer your data to locations outside the jurisdiction in which you provide it or where you are viewing our website. You may review our privacy policy or opt-out by contacting Kira Systems.

After the second quarter of 2020 saw the lowest levels of global mergers and acquisitions in over a decade (US$485 billion, down over 50 percent from nearly $1 trillion last year), the trend is now pointing towards recovery. As M&A resumes, companies must prepare for the resurgence of legal due diligence work, including the growing importance of data privacy and security.

Cybersecurity issues carry significant implications for deal terms, deal value, and post-closing liability. With the risks resulting from the mass transition to remote working, having a comprehensive understanding of a target company’s cybersecurity risk profile is now even more crucial.

As a result, prospective purchasers must perform proper due diligence on target companies to learn of any data breaches and to ensure that appropriate safeguards are deployed against potential cyberattacks. If not, data breaches can result in a multitude of consequences, including unexpected remediation costs, loss of business, litigation and government fines.

In this study, we reviewed and analyzed Annual Reports on Form 10-K filed by companies in the Fortune 100 on EDGAR to determine the prevalence of cybersecurity incidents disclosed in risk factor disclosures, whether those incidents rose to a significant or material level, and to analyze whether insurance was mentioned in connection with cybersecurity, as well as the type.

Trusted by the world's largest Law, Commercial, IT and Professional Service firms
Allen & Overy
DLA Piper
Clifford Chance
Latham & Watkins