M&A Due Diligence - Beware the Hidden Cyber Risks
In the cyber security and data protection review of your M&A due diligence have you ever wondered what BYOD, PII breach, BI event, pen testing and tokenisation mean?
This introductory level webinar is aimed at corporate lawyers needing to grapple with:
- The various terms and acronyms used in the cyber industry
- Areas to address in cyber due diligence
- Typical cyber risk warranties and indemnities needed
- Ways to protect your client's interests from cyber risks
You will be provided with a useful crib sheet of terms and issues and gain better understanding of the cyber risks in an M&A transaction.
What You Will Learn
The webinar will cover the following:
- What assets are at risk from cyber breach, tangible and intangible and what can be lost?
- Vulnerabilities - people and culture, process and organisations, technology and infrastructure
- Threats - human error, remote work force, BYOD, supply chain, disgruntled customers or employees, hackers
- Buyer due diligence including system testing, information technology security, pen-testing results & recommendations, data segregation, access control, air-gap, firewall, anti-virus, 2 factor authentication, E2E / P2P encryption, tokenisation, application white listing and bug bounty
- Risk evaluation including unique personal records, healthcare information, credit cards, embedded systems, operational technology and known unknowns
- Appropriate representations, warranties and indemnities
- The relevant strength of buyer and seller security programs
- Cyber risk and insurance - peril gaps not covered by other insurance
- Costs to be covered
- Getting the best out of your specialist data protection and IT law colleagues, the client and the client's other advisers through the process
- Lessons drawn from recent cases including British Airways, Merck, Wonga, Bupa, Three Mobile, Tesco Bank, Sage and Marriott
This pre-recorded webinar will be streamed at 12:30pm on Tuesday 30th April 2019 and will remain available to view by delegates who have registered by then for 90 days.