Cybersecurity For M&A Deals With Steven Kuperschmid

In this episode of CHATTINN CYBER, Marc Schein interviews Steven Kuperschmid, Co-Chair of Cybersecurity and Data Privacy at Ruskin Moscou Faltischek PC. Steven is experienced as a corporate M&A and securities lawyer. During the conversation, Steven shares his knowledge about cybersecurity in M&A deals, how (or whether) it impacts contracts and the different phases to setting an effective buyer-seller deal. He also talks about the growing need for cyber insurance in different industries today.

At what point does cybersecurity integration happen within an M&A deal? Steven explains that it depends on the nature of the target’s business. For the middle and upper-middle markets, like manufacturing and distribution, industrial technology, financial services, and healthcare, cybersecurity needs to be a priority. You must know whether the target business has Personally Identifiable Information (PII) – if so, cybersecurity needs to be prioritized irrespective of the industry.

However, cybersecurity doesn’t change different deal structures. Because a deal is chosen for tax reasons to mitigate the buyer’s risk, cybersecurity is a far bigger problem than the signed contract.

As for the signing of a deal, there are different phases:

  • The discussion phase, where the buyer assesses the value offered by the seller and considers the different risks that might exist.
  • The buyer then assesses the business from a technology point of view, evaluating the seller’s internal policies and cyber hygiene.
  • Lastly, a buyer does a lien search, looking at the lien report to gather more information about the buyer and their underlying debt instruments.

Further in the conversation, Steven covers cyber insurance, explaining its relevance and importance in the cyber security industry. Having a good cyber insurance grasp can ensure the buyer can benefit from them during a data breach.

Listen to the conversation for more details!

Highlights:

“Often, deal structure is chosen for tax reasons. But also, it’s chosen to mitigate risk to the buyer. So you may choose an asset deal, because you don’t want to incur any unknown liabilities that you can avoid by choosing an asset structure.”

“I think the first thing the team needs to look at is the nature of the target, what’s the targets business, you know, certain industries present greater risks than others. So if we were buying a company in the healthcare industry, or the financial services industry, it should be a huge focus, and usually is at this point now, now, four years ago, five years ago, maybe it wasn’t as big a focus as it is today. But in those industries, it should be a huge focus.”

“Every deal starts with a discussion of the business terms – the value of what’s being paid, how it’s being paid.”

Time-Stamps:

[00:53] – Steve’s path to becoming one of the most well-known privacy attorneys in Long Island

[10:47] – Does cybersecurity change different deal structures?

[14:29] – The different phases of a buyer-seller deal

[17:19] – A discussion on cyber insurance

Connect with Steven:

Website: https://www.linkedin.com/in/steven-kuperschmid-024375155

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cybersecurity Risk Assessment For Clients With John Jenkins

In this episode of CHATTINN CYBER, Marc Schein interviews John Jenkins, Senior Editor and Law Firm Partner at TheCorporateCounsel.net and Calfee, Halter & Griswold LLP. During the conversation, John explains his journey to heading one of the most regarded M&A news centres in the US, cybersecurity risk assessment, and effective client management.

Discussing the issues to be addressed in the negotiation of M&A agreements, John explains how smart buyers, from the outset, would be already invested in assessing the post-closing issues, integration, operations, handling contacts and the like. Depending on the nature of the transaction and the parties’ sophistication, different professionals are assigned to clients to handle the cybersecurity assessment. In addition, when dealing with large firms with data breaches in the past, a separate team of forensic consultants is assigned to better understand the client’s needs.

Cybersecurity assessment needs to be the front and center for every buyer and seller. To win buyers, sellers need to showcase an infallible track record. To assess a company in a limited period, you would have to perform a risk assessment and then suitably allocate resources. Unless you do a risk assessment at the outset, resource allocation might not be clear.

Further in the conversation, John explains the latest trends in sealing deals. As he shares, there’s been an increase in deals engaging reps and warranties coverage over the years.

Towards the close of the episode, John shares that cybersecurity assessment is part of a dynamic regulatory environment. Over time, it’s only going to get more complicated for both parties (buyers and sellers) to scope the issues early on in any potential transaction.

Listen in to get a detailed picture of cybersecurity risk assessment with clients.

Highlights:

“What’s the environment we’re dealing with here? How sophisticated is the seller, where its risks, what are its compliance environment?”

“If you’re a cyber person, that’s where you look. But you may have competitive situations where your your due diligence opportunities are going to be somewhat limited and targeted, you’re to get through to next rounds, you may have some more confirmatory due diligence at the end.”

“So you have to do a risk assessment, and you kind of have to allocate resources based on your assessment of the risks, and obviously, the more sophisticated the risk assessor is, the better off that that process can be. So, it is something that needs to be done at the outset. Because unless you do it at the outset, you’re not going to be able to engage in a really fully informed risk assessment process to allocate those resources.”

Time-Stamps:

[01:00] – John’s cybersecurity journey

[02:15] – Cybersecurity and M&A transactions

[09:44] – Front end, Back end, and Due diligence evaluation

[11:58] – Is there an increase in deals engaging reps and warranties coverage?

Connect with John:

Website: https://www.linkedin.com/in/john-jenkins-7449761b3/?trk=public_profile_browsemap