()

When it comes to deal lawyers and cybersecurity, the discussion is often over whether law firms are a weak link in their clients’ data defenses. But what about lawyers’ obligations to probe for cyber weaknesses within the companies doing the deals?

M&A professionals should assess companies on both sides of a transaction for potential cyberthreats, said Milan Patel, managing director at K2 Intelligence, who likened the process to a real estate adviser counseling potential home buyers.

“Is there a cracked foundation? Are there broken windows? How many windows are there?” Patel said at a panel discussion Tuesday at ALM’s cyberSecure conference in New York.

The aim is to scout out every internet point of entry into a company’s data, Patel explained, in order to make sure that hackers are kept out.

At Tuesday’s panel, law firm data experts said that robust cybersecurity due diligence is a responsibility that M&A advisers can’t ignore. And, they said, data protection now requires a proactive approach.

“The burden is on us ethically and as a matter of what the client is demanding from us,” said Baker & McKenzie partner David Lashway, who moderated the discussion.

Cybersecurity threats now come in multiple forms and from multiple actors, from state actors to criminals to activists such as Edward Snowden, Lashway pointed out. Companies engaged in mergers and acquisitions can be doubly vulnerable, he said.

Panelists said that the tools for safeguarding transactional clients’ data are still evolving, but having a strong cybersecurity team in place is a must.

“[The team] needs someone who understands those ones and zeros … that’s a trusted adviser, whether it’s inside or outside,” Patel said.

He also warned that as firms increase their defenses, hackers are also becoming more sophisticated—and ambitious.

“We’ll be safer, but the threats on the sharp end of the spear will become nastier,” Patel said.