MAJOR TOPICS:
Cyber breach preventative strategies
Cyber written policies and procedures
Response during and after a cyber crisis
GDPR
Third-party vendor issues
Best practices for the middle market
Corporate and board best practices
Cyber Insurance
Transactional effects and deal due diligence
Notable legal precedent
2. 1
Expert Webcast is a sophisticated source of expertise for the
professional and the business communities locally, nationally and
cross-border.
Producing the industry’s leading webcast panels covering corporate,
M&A, restructuring and finance topics, Expert Webcast features
foremost experts in law, accounting and finance, and addresses timely
and relevant issues faced by general counsel, C-level executives,
boards of directors, business owners and their advisors, as well as
institutional investors.
We welcome you to join our upcoming video webcasts or visit our
on-demand library to access recorded programs: www.expertwebcast.com.
3. 2
MODERATOR: Alex Kasdan, Senior Managing Director, DelMorgan &
Co., brings more than twenty-five years of senior-level Wall Street advice to
middle market companies, entrepreneurs and institutional investors. He has
extensive experience in investment banking, corporate law and restructuring at
the world’s leading firms, including Credit Suisse First Boston, O’Sullivan Graev &
Karabell LLP (now O'Melveny & Myers LLP), Battle Fowler LLP (now Paul
Hastings LLP) and Schlumberger Ltd., and as a founding partner of
Convergence Capital Partners. Alex has worked on more than 100 domestic and
cross-border transactions in North America, Europe and Africa.
Alex is a Senior Advisor to Governance and Transactions LLC, an advisory firm
established in 2003 by Mr. James L. Gunderson, former Secretary and General
Counsel of Schlumberger Limited, to assist boards, management and owners
with corporate governance, compliance, structuring and strategic transactions.
Alex is a frequent moderator and an interviewer at Expert Webcast roundtable
discussions attracting business leaders and leading professionals from around
the world.
Alex graduated magna cum laude from Middlebury College with a B.A. degree
in Economics and Italian and was elected to Phi Beta Kappa during his junior
year. In addition, he holds a J.D. degree from Columbia University Law School
and has studied at the University of Florence in Italy.
100 Wilshire Blvd.
Suite 750
Santa Monica, CA 90401
+1 310 980 1718 mobile
+1 310 935 3826 office
ak@delmorganco.com
www.delmorganco.com
4. 3
Panelist: Greg Reber is the Founder and CEO of AsTech, a leading
information security consulting firm.
Since its founding in 1997, AsTech has established itself as a leading cyber
security risk management firm dedicated to helping organizations discover
and remediate vulnerabilities in their Internet applications, infrastructure
and critical systems.
AsTech has a well-established Mergers & Acquisitions (M&A) Technology
and Security Due Diligence practice offering either a Rapid Assessment,
covering key areas and identifying potential risks, or a Comprehensive
Assessment, involving greater in-depth analysis, testing and cost factors.
For customers of its Paragon Security Program, AsTech offers a warranty
of $5 million against damages from data breaches, making it the largest
monetary guarantee for cyber security products and services in the world.
Greg has an engineering degree from the University of Maryland and
started his career as an aerospace engineer, then subsequently served as
an international trade consultant in the aeronautical industry. He is a
member of a number of professional organizations including the Computer
Security Institute (CSI), Information Systems Audit and Control
Association (ISACA) and the Open Web Application Security Project
(OWASP).
700 Larkspur Landing Circle
Suite 199
Larkspur, CA 94939
T 415.291.9911
C 415.786.7857
greg.reber@astechconsulting.com
www.AstechConsulting.com
5. 4
Panelist: Jessica A. Robinson is Founder & CEO of PurePoint International. She stands for safety,
freedom, and inclusion. She worked with a Fortune 50 company leading and supporting a $600M business
and worked with the 2015 US Open. She has completed safety & security trainings for nearly 500 people
from 14 different countries and has created and consulted on cyber risk mitigation plans for international
organizations.
Her vision for a safe and empowered workplace became PurePoint International.
Founded by Ms. Robinson, PurePoint International, a holistic boutique security firm, is the #1 security
company for women-owned & women-led businesses globally. PurePoint International is a social enterprise
that bridges the gap between physical and cyber security. With their unique business model and launch of
their new innovative training, Safe Spaces Organizational and Leadership Training, PurePoint was recently
awarded the JCI Philippines-New York ICON Award for International Affairs and Women’s Security.
As CEO of PurePoint International, Ms. Robinson helps people and companies to be safe, and helps
companies protect their profitability and their reputation. As a security expert and outsourced CISO/CSO,
she provides cyber technology solutions, conducts risk assessments and employee training on cyber and
physical security, information protection, and threat prevention. PurePoint International provides affordable
physical security and cybersecurity consulting services for financial services, law firms, health services,
social enterprises, international non-profits, conscious business leaders in journalism, fashion, beauty,
retail, luxury, and women founded, owned or led businesses. Through their program Security for Social
Impact, PurePoint International provides no-cost services to organizations with an operating budget of
$1.5M or less.
Ms. Robinson has spoken at the Social Venture Network Conference, United Nations, Microsoft, Filipino
Press Club NYC, Tribeca Film Festival Anti-Summit, Kaplan International, William Patterson University,
NAWBO-NYC, OWASP-Brooklyn, ACEDS Conference, Commission on the Status of Women Conference
(CSW), Peace Conference at the United Nations, and numerous other organizations, has published articles
with various publications including Security Director Magazine, and was selected as a 2015 Women of
Distinction by Women of Distinction Magazine. Ms. Robinson has been featured in the BBC, CNN and
interviewed by numerous talk shows, radio shows and podcasts and is a Women’s Media Center SheSource
Expert.
929-800-1184
@JessRobin96
#1 Best Selling Co-author,
Mission Unstoppable
www.facebook.com/PurePointInternational
www.the-PurePoint.com
6. 5
Panelist: James M. Westerlind, Counsel at Arent Fox LLP, focuses on cyber
risk issues, including insurance coverage and potential data breach liability for
companies and their board members.
His practice also focuses on resolving insurance and reinsurance disputes,
including insurance and reinsurance coverage issues on behalf of policyholders
and carriers. James has also represented brokers, agents, and MGAs in disputes
with insurance and reinsurance carriers.
James has substantial litigation experience in both state and federal trial courts
within and outside of New York, representing plaintiffs and defendants in
insurance and noninsurance disputes. In addition to insurance litigation, he has
defended a number of prominent US companies in product liability actions. He
has also defended toxic tort cases. He has first-chaired applications for
emergency relief, evidentiary hearings for emergent relief, and contempt
hearings. He tried a major jury trial in the Southern District of Florida, obtaining
a jury verdict finding that a life insurance policy was valid and enforceable,
despite the jury finding that the trust that owned the policy made material
misrepresentations in the policy’s application and engaged in a civil conspiracy to
defraud the insurance company and engage in a stranger-originated life insurance
(STOLI) scheme.
James holds a J.D. from St. John’s University School of Law and a Bachelor’s
degree from State University of New York at Stony Brook.
1675 Broadway
New York, New York 10019
212-457-5462
james.westerlind@arentfox.com
www.arentfox.com
7. 6
Panelist: Alex C. Nisenbaum is an associate in the Health Sciences Department of
Pepper Hamilton LLP, resident in the Orange County and Los Angeles offices.
A member of the Corporate and Securities Practice Group, Alex’s practice is focused on
technology transaction and data privacy and security matters. He advises consumers and
vendors of information technology products and services on agreements involving cloud
services and software licensing, software and mobile application development,
information technology and business process outsourcing, hardware acquisition,
telecommunications, data licensing and professional services. He also advises clients on
data privacy and information security laws and regulations, including compliance with
HIPAA, Gramm-Leach-Bliley, US/EU Privacy Shield, state data protection and breach
notification requirements and development and implementation of data protection
policies and “best practices.” Alex is certified as an information privacy professional
(CIPP/US & CIPP/E) by the International Association of Privacy Professionals (IAPP).
Alex handles technology and data privacy and security matters in a variety of industries,
including the health care, life sciences, pharmaceutical, medical device, financial
services, and manufacturing industries. He has handled IT transactions collectively
valued at more than $500 million covering diverse critical business functions, including
electronic health records and other point of care solutions, e-commerce systems, and
infrastructure, production support, and development services, including drafting and
managing legal terms and conditions, statements of work, and service levels.
Alex holds a J.D. from UCLA School of Law, where he served as managing
editor of the UCLA Law Review, and a B.A. in Economics and International Studies from
University of California, Los Angeles.
4 Park Plaza
Suite 1200
Irvine, CA 92614-2524
949.567.3511
213.928.9800
nisenbauma@pepperlaw.com
www.pepperlaw.com
9. 8
LA / NY / SF / DC / arentfox.com
Expert Webcast:
Cybersecurity Issues in
M&A
Presented by: James M. Westerlind
Counsel, Arent Fox LLP
May 15, 2018
10. 9
Board Member Liability
• Cyber risk part of board’s Enterprise Risk Management
function – Luis A. Aguilar, Commissioner of SEC: “there can
be little doubt that cyber-risk must also be considered as part
of a board’s overall risk oversight.”
• Threshold for director oversight liability very high: “(a) the
directors utterly failed to implement any reporting or
information system or controls; or (b) having implemented
such a system or controls, consciously failed to monitor or
oversee its operations thus disabling themselves from being
informed of risks or problems requiring their attention.” Stone
ex rel. AmSouth Bancorporation v. Ritter, 911 A.2d 362, 370
(Del. 2006).
11. 10
Board Member Liability (cont’d)
• Palkon v. Holmes, 2014 WL 5341880 (D. N.J. Oct. 20, 2014)
(Wyndham shareholder derivative action)
• Board had discussed the cyber-attacks at 14 board meetings between
2008 and 2012
• Company’s GC had given board presentation regarding the breaches
and Wyndham’s data security generally at every quarterly meeting
• Wyndham’s Audit Committee discussed the same issues in 16
committee meetings during same period
• Cyber security on agenda for every regular board meeting
• Consider creating a sub-committee
• Consider retaining outside board member with expertise in
cybersecurity – cost benefit analysis
12. 11
Value of Cyber Insurance
• Provides coverage for risks not covered by
CGL
• First- and third-party liability coverage
• Breach response coverage
• Cyber risk policies not uniform
13. 12
Vendor Risks
• Two-thirds of data breaches caused by third-party
vendors. Ponemon Institute.
• Target data breach – HVAC contractor.
• Review the company’s vendor contracts to
ensure that technology requirements are
adequate
• Make sure vendor is required to notify company of
suspected breach immediately and let company
control investigation and responses involving
company data
14. 13
Vendor Risks (cont’d)
• Review the sensitive data that each vendor
has access to
• Make sure that vendors have adequate cyber
risk insurance and add company as additional
insured
15. 14
Preventative Measures for Cyber Risks
• Combined Legal and IT audits of company’s
IT system
• Identify potential weaknesses
• Protect audit, findings and recommendations as
privileged
• Train management (including CEO) and
employees to avoid being victims
• Use real examples to train employees
16. 15
Danger to Small-to-Mid-Sized Companies
• 60% of the victims of cyber attacks in 2014
were small-to-mid-sized companies. 1/13/15
N.Y. Times Article: Entrepreneurship: No
Business Too Small to be Hacked
• Smaller companies accept payment by credit
cards
• Malware installed in retailer’s credit card
processing system to collect credit card
information – ATMs, gas pumps, groceries
17. 16
Danger to Small-to-Mid-Sized Companies (cont’d)
• Employee personal information
• Ransomware attacks on the rise
• Smaller companies often don’t have as
sophisticated cyber security measures in
place as larger companies – easier prey