Cybersecurity due diligence is buyer-side review of the target’s information security posture, including data handling practices, incident history, regulatory compliance under privacy and notifiable data breach laws, third-party software dependencies, and the integrity of customer and employee data. In Australian sub-$20M deals, cybersecurity due diligence has moved from being specific to technology businesses to being increasingly standard for any business handling material customer data.
Findings can affect deal price, generate specific indemnities, or trigger conditions precedent requiring remediation before completion.