The data protection and cyber security landscape is littered with examples of companies that have suffered serious operational failures following merger and acquisition activity or from not maintaining vigilance over their existing systems. In 2015 a leading communications company suffered international negative publicity due to a cyber security breach relating to an acquired business. In 2020 the UK Information Commissioner imposed a record-breaking fine in another case with similar dynamics.
What is going on?
Root-cause analysis suggests that due diligence in M&A activity might be responsible as a contributing factor. Perhaps DD isn't asking the right questions. Perhaps the DD adviser isn't data and cyber aware. And has the business kept its historic systems up to date? Where would liability sit for a critical outsourced systems provider (for example) were to suffer a cyber-attack?
Where is this heading?
Like it or not, data and cyber operational failures routinely turn into litigation problems, where individuals sue businesses for compensation and companies turn on their contracting partners to shift their liabilities. And, of course, this leads directly to questions about insurance and what is covered if DD fails to prevent the acquisition of risk in the M&A.
The webinar recording
In this session we explore the dynamics of these risks, looking at what can be done in DD to reduce risk levels and the roles played by insurance policies for warranties and indemnities.
If you have any questions or would like to discuss any of the topics covered in the webinar, please get in touch with one of our experts below.