PRIVATE EQUITY SERVICES
Private Equity Has Become a Prime Target for Cyber Criminals
Given the frequency of deal announcements and the vast amounts of data and cash on hand to close a deal, it’s no surprise that private equity (PE) firms and their portfolio companies have increasingly become a major target for cyber criminals. According to a 2023 report from Accenture on the rising costs of cyber attacks, 64% of PE firms observe an uptick in cyber incidents during the month of deal closure. Considering the impact a cyber attack can have on a PE firm’s immediate financial stability and long-term investor confidence, these firms must possess the resources required to identify and thwart cyber threats.
The average ransom paid to a malicious actor by a medium-sized company (as most PE firms are categorized) is over $1 million, and nearly half of these companies don’t have cyber insurance. A data breach or successful cyber attack puts the reputation, the ability to operate, and the value of both PE firms and their portfolio companies at risk.
Closing a deal doesn’t mean that a PE firm can be less vigilant in its security operations. Given the perceived lack of cybersecurity maturity in portfolio companies, they are viewed by cyber attackers as highly vulnerable targets. While portfolio companies typically retain the responsibility for managing cyber risk themselves, if one of these companies falls victim to a cyber attack, the PE firm remains exposed to costs associated with legal liabilities and reputational damage resulting from the attack. Additionally, a cyber attack would significantly impact a portfolio company’s ability to create value for its owners and would reduce the overall value of the holding.
Managing Cyber Risk Without Slowing Down the Speed of PE
As your partner in cybersecurity, Malcom Risk Advisors works with your PE firm to assist you in managing cyber risk throughout the transaction lifecycle, including post-close. Service offerings to PE firms include:
Assisting in performing technical due diligence. To expedite the process, we focus on the areas that matter the most, and more importantly, we ensure any high-risk matters that are identified during due diligence and may impact the valuation of the company are remediated before the deal is closed.
Establishing portfolio-wide security standards that are required to be implemented by all portfolio companies. Examples of these standards include processes for monitoring potential security threats, defining the controls required to provide endpoint protection, and creating and testing an incident response plan.
Performing annual (or more frequent) security assessments of your portfolio companies to ensure their compliance with the portfolio-wide security standards.
Implementing dashboard capabilities that enable you to track, in near real time, security compliance and key performance indicators across your portfolio companies.
Acting in the capacity of a fractional CISO within your PE firm and/or your portfolio companies, providing you with a seasoned security executive to lead your efforts to adequately manage cybersecurity risk.