Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Sniff Out a Company's 'Data Hygiene' as Part of Your Due Diligence

By Casey C. Sullivan, Esq. on September 20, 2016 | Last updated on March 21, 2019

A data breach can tarnish a company's reputation and end up costing millions. And yet, when companies consider new acquisitions, questions about data and cybersecurity often go unasked.

That could be changing, though, as corporations start adding cybersecurity to their pre-M&A due diligence, sniffing out a potential partner's "data hygiene" before any deal is done.

Cyber Due Diligence as Your Duty

The ethical case for cyber due diligence will be made by K2 Intelligence's senior managing director Austin Berglas at ALM's CyberSecure conference later this month. Berglas, who specializes in cyber due diligence, will be presenting on the increased need to consider potential data vulnerabilities prior to M&A's -- that is, of the need to look in to another's "cyber hygiene" or "data hygiene."

(Those terms are new to us, but we like them: after all, what is proper data protection if not the hi-tech equivalent of making sure you brush after every meal.)

Legaltech News's Gabrielle Orum Hernandez recently spoke with Berglas about his arguments for cyber due diligence. "Cyber due diligence is just another piece to the massive job of risk management inside an organization," Berglas said. "It's just newer than the old-school providing finances, IP, customers, and sales pipelines that isn't normally asked for in the merger or acquisition."

Caveat Emptor

Berglas also suggests that you look not just at the state of a company's data security itself, but the corporate awareness of cybersecurity generally. "You also want to know about the cyber awareness in the organization. It's a key indicator, if the board is briefed on cyber trends and cyber hygiene," he told Hernandez.

Of course, as in most things, the onus often lands on the buyer. "If you're purchasing a company that has an ongoing infection or there is an active infiltration, when you start to integrate your systems, you're going to inherit that problem," Berglas said. In other words: make sure any acquisitions have impeccable data hygiene, lest their stench rub off on you.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard