.png)
Executive Risk & Board Advisory
Five Cyber Questions That Change What a Deal Is Worth.
Cyber due diligence is usually a checkbox near the end of the process. Five specific questions turn it into a deal-pricing input, surfacing the risks that actually move valuation and post-close cost.
Acquisition Agreements Get Signed on Cyber Reps Nobody Verified. That Becomes the GC's Problem.
Acquisition agreements get signed on cyber reps no one independently verified. When the deal closes, the gap between what was repped and what's true becomes the buyer's liability and the GC's problem. What deal counsel should require first.
The First 100 Days After Close Decide Your Cyber Risk for the Whole Hold.
Cyber due diligence is a screen, not a clean bill of health. The day a deal closes, every undetected weakness becomes the sponsor's problem, and the first 100 days are the only window with the leverage to fix it.
Your Cyber Budget Is a Number. Your Cyber Risk Is a Distribution. CFOs Keep Confusing the Two.
Global cyber spending hit a record $219 billion in 2025, the same year breaches set their own record. The disconnect exposes the core CFO error: treating cybersecurity as a budget number instead of a loss distribution to reshape.
Four Breaches in Six Weeks. One Extortion Group. Your Portfolio Is the Target List.
ShinyHunters spent early 2026 running one pay-or-leak campaign through Instructure, Adobe, Match Group, and DentaQuest. The target profile is a near-perfect description of the average PE portfolio company.
What CISA's CI Fortify Guidance Actually Means, and Why It Reads Like a Confession
CISA's CI Fortify guidance tells critical infrastructure to plan for months running cut off from its own networks, on the assumption the adversary is already inside. Why that reads like a confession.