Artificial Intelligence (AI) has immense potential as a solution for cybersecurity vulnerabilities in M&A deals. Generally, M&A deals generate value and as such, understanding vulnerabilities on the acquirer and target sides is important for completion of the transaction. With the common usage of networks and servers to store high volumes of data by corporations, vetting for cybersecurity attacks has become a priority in the M&A due diligence process. In a recent study, IBM reported that the global average cost of a data breach has risen 6.4 percent over a 12 month period to $3.86 million. The average cost for each lost or stolen record that contains confidential information is also up 4.8 percent to $148, a number that can grow at an exponential rate any time a significant breach has taken place.

Preventing such attacks may require leveraging new AI solutions. IBM also reported that the average cost of a breach for organizations that fully deploy security automation is $2.88 million, which is a $1.55 million net-cost difference for organizations without automation. As with any other innovation, AI can help facilitate and be a useful tool in the M&A due diligence process. With respect to cybersecurity vulnerabilities, AI solutions can help with the following factors found to affect the cost of a data breach:

  • Early detection: AI solutions can help identify and potentially contain the data breach faster than without automation technologies.
  • Effective management of detection and escalation costs: AI solutions can help maintain internal frameworks to manage detection and escalation costs.

Unsurprisingly, there has been an uptake in deals involving cybersecurity start-ups, including within the health and technology sectors. The effectiveness of AI solutions for protecting against cybersecurity vulnerabilities remains to be seen, as AI also gives rise to additional considerations, including in relation to supervising and monitoring the results and safeguarding against additional cybersecurity compromises that can arise with engaging AI solution into existing networks and servers.

The author would like to thank Fatima Anjum, summer student, for her assistance in preparing this legal update.

About Norton Rose Fulbright Canada LLP

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have 3800 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

For more information about Norton Rose Fulbright, see

Law around the world

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.