Private Equity and Cyber Security: The 3 Weak Points

If you are a private equity general partner, and not directly involved in cyber security, you may well be astonished by how frequent, how persistent and how well organised cyber attacks are. You may well also be surprised that a private equity general partner – as well as its portfolio companies – is of special interest to cyber attackers.

Private equity COOs and managing partners should consider the three main areas of the private equity business model that are susceptible to cyber attack:

1. Acquisitions and disposals

The cyber security threat around corporate finance transactions has already been recognised as a key issue by HM Government. M&A activity is a common target of espionage, ranging from corrupt competitors to foreign intelligence services. During the weeks or months leading up to a change in ownership, organisations on all sides of a deal face a heightened risk of cyber espionage from interested parties seeking to gain competitive advantage in the process.
The timing of these attacks does not necessarily correlate with the deal news going public; they frequently occur before this and it should be assumed that as soon as the idea of a merger or acquisition is discussed – even in private – there is a risk of a compromise. You may therefore wish to operate under the assumption you are at risk at all times, and put in place the necessary measures.

2. Financial information

Private equity firms are at greater risk than most businesses when it comes to higher value fraud attempts via cyber attack. You are likely to hold financial and business information relating to your fund, your portfolio companies and your investors. All of this data has the potential to yield a high value return for an attacker.

3. Erosion of portfolio company valuation

All companies – whether private equity-owned or not – are at risk of cyber attack. We will look in subsequent blogs at which assets within a portfolio are most at risk, but suffice to say that cyber attacks, in particular due to the reputational damage they can cause, can have a tangible effect on company valuation.

A successful private equity general partner understands which risks might undermine success and cyber security is no different. The GP needs to consider the specific cyber threats facing the businesses in their portfolio, and ensure that these risks are being managed. This is not purely a technology challenge, but also involves people, information systems, processes, culture and physical surrounding – A holistic view needs to be taken. Understanding and managing these risks will allow PE to capitalise on the immense opportunity for growth and develop in a digital age.

To get a sense of the sheer scale of corporate cyber crime, I would recommend reading this Financial Times article by Caroline Binham, in which members of our cyber security team discuss the developing battleground of cyber warfare.

http://ow.ly/K6R54

« How you could become a victim of cybercrime in 2015
The Dark Web: anarchy, law, freedom and anonymity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Alarum Technologies

Alarum Technologies

Alarum Technologies (formerly Safe-T) is a global provider of cyber security and privacy solutions to consumers and enterprises.

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

DataEndure

DataEndure

DataEndure helps companies build digital resilience so that their critical information assets are protected and available to the right people, at the right time.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

BluescreenIT (BIT)

BluescreenIT (BIT)

BluescreenIT is an IT Security Consultancy and IT and Cyber Security Training company supporting industry, local authorities, MoD and governmental IT departments.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

Acumen

Acumen

Acumen's cyber security engineers protect your critical systems, in critical moments. We are here when you need us most.