From Above the Law, “Most folks currently don’t do cyber due diligence. if you’re buying a company that deals directly with the public and possesses private information Isn’t it worth due diligence to bring a company’s cyber security efforts into compliance.
acquirers could ask a few questions, such as what the target’s most important computer systems are, where sensitive information is stored, and how that information is protected in transit. Diligence questionnaires could ask targets to summarize controls in place to protect information and explain how the company is organized to control this risk. And inquisitive acquirers could certainly ask about any cyber-attacks or data losses that the target has suffered in the past.”