Skip to main content

Are you a legal professional? Visit our professional site

Search for legal issues
For help near (city, ZIP code or county)
Please enter a legal issue and/or a location

Sniff Out a Company's 'Data Hygiene' as Part of Your Due Diligence

Article Placeholder Image
By Casey C. Sullivan, Esq. on September 20, 2016 3:57 PM

A data breach can tarnish a company's reputation and end up costing millions. And yet, when companies consider new acquisitions, questions about data and cybersecurity often go unasked.

That could be changing, though, as corporations start adding cybersecurity to their pre-M&A due diligence, sniffing out a potential partner's "data hygiene" before any deal is done.

Cyber Due Diligence as Your Duty

The ethical case for cyber due diligence will be made by K2 Intelligence's senior managing director Austin Berglas at ALM's CyberSecure conference later this month. Berglas, who specializes in cyber due diligence, will be presenting on the increased need to consider potential data vulnerabilities prior to M&A's -- that is, of the need to look in to another's "cyber hygiene" or "data hygiene."

(Those terms are new to us, but we like them: after all, what is proper data protection if not the hi-tech equivalent of making sure you brush after every meal.)

Legaltech News's Gabrielle Orum Hernandez recently spoke with Berglas about his arguments for cyber due diligence. "Cyber due diligence is just another piece to the massive job of risk management inside an organization," Berglas said. "It's just newer than the old-school providing finances, IP, customers, and sales pipelines that isn't normally asked for in the merger or acquisition."

Caveat Emptor

Berglas also suggests that you look not just at the state of a company's data security itself, but the corporate awareness of cybersecurity generally. "You also want to know about the cyber awareness in the organization. It's a key indicator, if the board is briefed on cyber trends and cyber hygiene," he told Hernandez.

Of course, as in most things, the onus often lands on the buyer. "If you're purchasing a company that has an ongoing infection or there is an active infiltration, when you start to integrate your systems, you're going to inherit that problem," Berglas said. In other words: make sure any acquisitions have impeccable data hygiene, lest their stench rub off on you.

Related Resources:

Find a Lawyer

More Options