In this episode of CHATTINN CYBER, Marc Schein interviews Steven Kuperschmid, Co-Chair of Cybersecurity and Data Privacy at Ruskin Moscou Faltischek PC. Steven is experienced as a corporate M&A and securities lawyer. During the conversation, Steven shares his knowledge about cybersecurity in M&A deals, how (or whether) it impacts contracts and the different phases to setting an effective buyer-seller deal. He also talks about the growing need for cyber insurance in different industries today.
At what point does cybersecurity integration happen within an M&A deal? Steven explains that it depends on the nature of the target’s business. For the middle and upper-middle markets, like manufacturing and distribution, industrial technology, financial services, and healthcare, cybersecurity needs to be a priority. You must know whether the target business has Personally Identifiable Information (PII) – if so, cybersecurity needs to be prioritized irrespective of the industry.
However, cybersecurity doesn’t change different deal structures. Because a deal is chosen for tax reasons to mitigate the buyer’s risk, cybersecurity is a far bigger problem than the signed contract.
As for the signing of a deal, there are different phases:
- The discussion phase, where the buyer assesses the value offered by the seller and considers the different risks that might exist.
- The buyer then assesses the business from a technology point of view, evaluating the seller’s internal policies and cyber hygiene.
- Lastly, a buyer does a lien search, looking at the lien report to gather more information about the buyer and their underlying debt instruments.
Further in the conversation, Steven covers cyber insurance, explaining its relevance and importance in the cyber security industry. Having a good cyber insurance grasp can ensure the buyer can benefit from them during a data breach.
Listen to the conversation for more details!
“Often, deal structure is chosen for tax reasons. But also, it’s chosen to mitigate risk to the buyer. So you may choose an asset deal, because you don’t want to incur any unknown liabilities that you can avoid by choosing an asset structure.”
“I think the first thing the team needs to look at is the nature of the target, what’s the targets business, you know, certain industries present greater risks than others. So if we were buying a company in the healthcare industry, or the financial services industry, it should be a huge focus, and usually is at this point now, now, four years ago, five years ago, maybe it wasn’t as big a focus as it is today. But in those industries, it should be a huge focus.”
“Every deal starts with a discussion of the business terms – the value of what’s being paid, how it’s being paid.”
[00:53] – Steve’s path to becoming one of the most well-known privacy attorneys in Long Island
[10:47] – Does cybersecurity change different deal structures?
[14:29] – The different phases of a buyer-seller deal
[17:19] – A discussion on cyber insurance
Connect with Steven: