In this episode of CHATTINN CYBER, Marc Schein interviews John Jenkins, Senior Editor and Law Firm Partner at TheCorporateCounsel.net and Calfee, Halter & Griswold LLP. During the conversation, John explains his journey to heading one of the most regarded M&A news centres in the US, cybersecurity risk assessment, and effective client management.
Discussing the issues to be addressed in the negotiation of M&A agreements, John explains how smart buyers, from the outset, would be already invested in assessing the post-closing issues, integration, operations, handling contacts and the like. Depending on the nature of the transaction and the parties’ sophistication, different professionals are assigned to clients to handle the cybersecurity assessment. In addition, when dealing with large firms with data breaches in the past, a separate team of forensic consultants is assigned to better understand the client’s needs.
Cybersecurity assessment needs to be the front and center for every buyer and seller. To win buyers, sellers need to showcase an infallible track record. To assess a company in a limited period, you would have to perform a risk assessment and then suitably allocate resources. Unless you do a risk assessment at the outset, resource allocation might not be clear.
Further in the conversation, John explains the latest trends in sealing deals. As he shares, there’s been an increase in deals engaging reps and warranties coverage over the years.
Towards the close of the episode, John shares that cybersecurity assessment is part of a dynamic regulatory environment. Over time, it’s only going to get more complicated for both parties (buyers and sellers) to scope the issues early on in any potential transaction.
Listen in to get a detailed picture of cybersecurity risk assessment with clients.
“What’s the environment we’re dealing with here? How sophisticated is the seller, where its risks, what are its compliance environment?”
“If you’re a cyber person, that’s where you look. But you may have competitive situations where your your due diligence opportunities are going to be somewhat limited and targeted, you’re to get through to next rounds, you may have some more confirmatory due diligence at the end.”
“So you have to do a risk assessment, and you kind of have to allocate resources based on your assessment of the risks, and obviously, the more sophisticated the risk assessor is, the better off that that process can be. So, it is something that needs to be done at the outset. Because unless you do it at the outset, you’re not going to be able to engage in a really fully informed risk assessment process to allocate those resources.”
[01:00] – John’s cybersecurity journey
[02:15] – Cybersecurity and M&A transactions
[09:44] – Front end, Back end, and Due diligence evaluation
[11:58] – Is there an increase in deals engaging reps and warranties coverage?
Connect with John: