When and How Legal and Information Security Should Engage on Cyber Strategy: Vendors and M&A (Part Three of Three)

Effective cybersecurity strategy requires the legal and security functions to work together when assessing third parties, either in the context of hiring a vendor or merging with or acquiring a new company. “I don’t think they’re coordinating very well,” Akin partner Michelle Reed told the Cybersecurity Law Report. With insight from Reed and technical experts, this third installment of our three-part series on when and how legal and security professionals should be communicating to build strong working relationships for a robust cybersecurity and data privacy program tackles coordination between the two teams on vendor assessments, M&A due diligence and combatting insider threats. Part two examined how both teams can coordinate on incident response and to assess risk and privacy impact. Part one covered how to structure corporate governance for optimal collaboration between these two groups. See also “Effective M&A Contract Drafting and Internal Cyber Diligence and Disclosure” (Dec. 20, 2017) and “Mitigating Cyber Risk in M&A Deals and Third-Party Relationships” (Jul. 6, 2016).

To read the full article

Continue reading your article with a CSLR subscription.