Absolutely! IP is one of the key commodities of any merger/acquisition and it is important to know what level of risk the IP has been based on cybersecurity measures inherent to the target company. Depending on the products and services, I would do a risk assessment first and then audit the controls in place. For example, I’ve been in the field of medical device and Dx product design and development and know for a fact that our servers are constantly under attack by hackers from other countries. It’s amazing to get some actual data on how many times this happens in a day. And the occurrence has just become more familiar as the internet and tools become more complex. The design is at risk and the IP becomes at risk. Also one thing to note is that most of the regulated device are using mobile platforms and this puts patients at risk as well if the database or algorithms of the device are affected. Yes, it is totally important in due diligence to assess the risk it poses and the security measures and mitigation controls in place to eliminate the risk.
