Executive summary
This article discusses the significant liabilities that can arise when acquiring a company with inadequate cybersecurity safeguards, including legal penalties and reputational damage. Regulatory bodies are increasingly vigilant, with stringent requirements that can result in heavy fines and sanctions for non-compliance. For example, Quebec’s Commission d’accès à l’information may now impose administrative monetary penalties (AMPs) of up to CAD 10 million or 2% of the company’s worldwide turnover for violations of Quebec’s Act respecting the protection of personal information in the private sector (PPIPS). Additionally, data breaches or cyber incidents occurring post-acquisition can be traced back to pre-existing vulnerabilities, leading to legal disputes and financial losses. Read the full article for more details on:
Verizon’s acquisition of Yahoo in 2017, where the deal’s significant price reduction was due to Yahoo’s disclosure of two massive data breaches affecting over 1 billion user accounts. This case exemplifies the financial and reputational risks associated with acquiring a company with undisclosed or poorly managed…
