During Akin Gump Strauss Hauer & Feld LLP’s most recent cybersecurity event, “Tackling Cybersecurity in the Boardroom,” hosted on November 12, 2015, our panels discussed a number of issues facing directors.
One particular area of interest focused on certain merger and acquisition (M&A) cybersecurity considerations, specifically (1) when a company is in the middle of an M&A transaction and (2) the role of directors who serve on multiple boards.
Following is an overview of those considerations:
Companies are at increased risk during the time of an acquisition:
- They may not be fully investing in updates and system upgrades.
- Data shows an average of 200+ days for companies to detect advanced persistent threats, so the impact of a cyber deficiency in an acquired company may not be visible immediately.
- The acquirer may not be engaged sufficiently on cyber and information technology issues immediately after its investment to catch weaknesses and allocate resources quickly.
Directors who serve on multiple boards of directors face special issues:
- Cybersecurity is an enterprise risk management issue that must be evaluated to meet fiduciary duty standards.
- Boards cannot simply rely on management, and they should be aware of comparative cybersecurity practices with other companies on whose boards they serve.