The Rook

Send us Fan MailIn this episode of The Rook, David Shaw, founder of Corvus Cybersecurity and principal vCISO, examines the most consistently overlooked risk in M&A transactions: inherited cyber exposure. From Yahoo's misrepresentation of its breach history during the Verizon acquisition to the Marriott-Starwood breach that went undetected for four years, the pattern is the same. Cybersecurity due diligence gets a questionnaire, while financial and legal diligence get exhaustive scrutiny. The result is that acquirers close deals and inherit compromised environments, undisclosed incidents, and compliance gaps that carry real remediation costs.In this episode:How Yahoo's misrepresentations to Verizon held through signing, and what saved Verizon wasn't diligenceHow Marriott bought a four-year-old, undetected breach when it acquired StarwoodWhy the standard M&A cybersecurity questionnaire fails to catch material riskHow R&W insurance carve-outs and cyber insurance pre-existing condition exclusions are changing the stakes for deal teamsThe four-stage cyber due diligence process used on the buy side, and the three-bucket model for translating findings into deal team decisionsWhat sellers should be doing now to protect deal valueThree artifacts every buyer should require, not just three questions to askThe Rook · Corvus Cybersecurity · corvus-cyber.com · David Shaw, CISSP, GLEG