New ABA book offers guidance on cybersecurity due diligence

In today’s data-driven economy, cybersecurity has become a key risk factor in mergers and acquisitions. A new book by the ABA Business Law Section, “Guide to Cybersecurity Due Diligence in M&A Transactions” is designed to assist companies and their counsel in assessing the risks.

With discussions on and lessons learned from recent cyber incidents at Neiman Marcus, Yahoo, Target, Sony Pictures and Volkswagen, the book provides detailed and easy-to-read guidance on identifying and evaluating cybersecurity risks for an M&A deal. Beginning with an introduction to the importance of this issue, “Guide to Cybersecurity Due Diligence” will help lawyers understand the key requirements and importance of the cybersecurity due diligence process that should be part of every M&A transaction, including:

• Identification of the target’s high-value digital assets, and evaluation of the relative importance of those assets to the target’s business

• Evaluation of the status of the target’s cybersecurity regulatory compliance

• Impact of due diligence on the proposed transaction

• Evaluation of the target’s overall resilience and general ability to withstand a direct cyber-attack on its digital assets

• Emerging challenges to cybersecurity due diligence

The appendix includes a listing of common U.S. data security laws and regulations.

“Guide to Cybersecurity Due Diligence in M&A Transactions” is a collaborative work by a team of attorneys who are leading professionals in the fields of corporate governance and cybersecurity, and is edited by Thomas J. Smedinghoff and Roland Trope.
Smedinghoff is of counsel in the Privacy & Cybersecurity practice group in the Chicago office of Locke Lord LLP. His practice focuses on the developing field of information law and electronic business activities, with an emphasis on electronic transactions, identity management, data security, privacy and corporate information governance issues.

Trope is a partner in the New York offices of Trope and Schramm LLP. He advises allied governments and contractors on defense procurements, protection and licensing of intellectual property, cross-border tech transfers, export controls, economic sanctions regulations, anti-corruption laws, cybersecurity for infrastructure enterprises and ethics regulations for government contractors.