In our Seat with an Expert video series, A&M Disputes and Investigations practitioners highlight key trends and developments in global disputes, investigations and compliance, forensic technology, and cybersecurity and provide expert analysis and insights into key issues affecting companies worldwide.

In this video, cybersecurity expert and Managing Director, Lorenzo Grillo, provides insights into these key issues:

  • What cyber risk trends are you seeing in M&A activities?
  • What are the best practices for conducting cyber due diligence?

*Chambers and Partners recognized Alvarez & Marsal in the 2022 Cybersecurity Risk guide.

Transcript:

What cyber risk trends are you seeing in M&A activities?

Nowadays, cyber due diligence is requested more frequently due to the possible important financial, reputational and compliance impacts related to a cyberattack. Usual questions include: is the target able to respond efficiently and effectively to an attack? Is the buyer aware of the business implications of this cyber crisis? Another question I'm usually asked is if cyber risk is a deal breaker. Oftentimes it is not, but performing cyber due diligence allows insight for the buyer into what investment may be made to reach an acceptable level of cyber security as soon as the deal is finalized. An interesting part is also a new trend in trying to manage the cyber risk inside the governance pillar of ESG, as the cyber risk impacts company resilience and sustainability.

What are the best practices for conducting cyber due diligence?

First of all, due to the usual lack of detailed information and the short timeframe available, senior cybersecurity experts should have a clear methodology and approach to assess the cyber posture of the target company, understanding their resilience to a cyber attack. Then the cyber posture should be compared with market benchmarks in order to understand the position against sector peers. To obtain quick results in mitigating cyber risk, it is key to focus on the short-term initiatives and investment needed, one-off and recurring. Moreover, cyber risk should be seen as part of the ESG strategy and related framework. In other words, a cyber risk quantification framework should be included in the ESG framework.
