Beyond the Balance Sheet: The Continued Importance of Cybersecurity in M&A

Merle M. DeLancey Jr., Samarth Barot, and Michael Joseph Montalbano 

In our August 1 post, we discussed how companies that acquire government contractors can inherit False Claims Act (“FCA”) exposure based on their targets’ cybersecurity violations. Now, the Department of Justice (“DOJ”) has delivered another vivid real-world example: a $1.75 million settlement in which a private equity (“PE”) firm, Gallant Capital Partners LLC, was named jointly and severally liable for its portfolio company’s cybersecurity violations on a U.S. Air Force contract.

The outcome underscores two critical truths. First, DOJ will pursue financial sponsors when a contractor in their portfolio fails to comply with its contractual cybersecurity requirements. Second, investors that fail to ask about, document, and remediate a target’s security shortcomings can find themselves financing both the acquisition and the government’s recovery.


Buyer Beware: Cybersecurity Compliance in M&A

Merle M. DeLancey Jr. and Samarth Barot 

A recent Department of Justice (“DOJ”) settlement highlights the importance of assessing cybersecurity compliance for government contractors during mergers and acquisitions (“M&A”). In April 2025, DOJ announced an $8.4 million settlement with a defense contractor resolving alleged cybersecurity noncompliance by a company it acquired. Notably, under the settlement, the acquiring company was liable for cybersecurity noncompliance that occurred prior to the acquisition.

In the M&A context, successor liability arises when an acquiring company becomes responsible for liabilities, obligations, or wrongful acts committed by the target company prior to the acquisition. Fundamentally, successor liability ensures that a corporate acquisition does not allow the acquired entity to escape accountability. In the settlement, DOJ explicitly named the acquiring company as the “successor in liability” for the acquired company’s alleged violations, even though the conduct at issue occurred years before the acquisition. This underscores how important it is for acquirers to add cybersecurity compliance to the issues vetted during due diligence.
