Private Equity and Cyber Security: The 3 Weak Points

If you are a private equity general partner, and not directly involved in cyber security, you may well be astonished by how frequent, how persistent and how well organised cyber attacks are. You may well also be surprised that a private equity general partner – as well as its portfolio companies – is of special interest to cyber attackers.

Private equity COOs and managing partners should consider the three main areas of the private equity business model that are susceptible to cyber attack:

1. Acquisitions and disposals

The cyber security threat around corporate finance transactions has already been recognised as a key issue by HM Government. M&A activity is a common target of espionage, ranging from corrupt competitors to foreign intelligence services. During the weeks or months leading up to a change in ownership, organisations on all sides of a deal face a heightened risk of cyber espionage from interested parties seeking to gain competitive advantage in the process.
The timing of these attacks does not necessarily correlate with the deal news going public; they frequently occur before this and it should be assumed that as soon as the idea of a merger or acquisition is discussed – even in private – there is a risk of a compromise. You may therefore wish to operate under the assumption you are at risk at all times, and put in place the necessary measures.

2. Financial information

Private equity firms are at greater risk than most businesses when it comes to higher value fraud attempts via cyber attack. You are likely to hold financial and business information relating to your fund, your portfolio companies and your investors. All of this data has the potential to yield a high value return for an attacker.

3. Erosion of portfolio company valuation

All companies – whether private equity-owned or not – are at risk of cyber attack. We will look in subsequent blogs at which assets within a portfolio are most at risk, but suffice to say that cyber attacks, in particular due to the reputational damage they can cause, can have a tangible effect on company valuation.

A successful private equity general partner understands which risks might undermine success and cyber security is no different. The GP needs to consider the specific cyber threats facing the businesses in their portfolio, and ensure that these risks are being managed. This is not purely a technology challenge, but also involves people, information systems, processes, culture and physical surrounding – A holistic view needs to be taken. Understanding and managing these risks will allow PE to capitalise on the immense opportunity for growth and develop in a digital age.

To get a sense of the sheer scale of corporate cyber crime, I would recommend reading this Financial Times article by Caroline Binham, in which members of our cyber security team discuss the developing battleground of cyber warfare.

http://ow.ly/K6R54

« How you could become a victim of cybercrime in 2015
The Dark Web: anarchy, law, freedom and anonymity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Hyper Recruitment Solutions

Hyper Recruitment Solutions

Hyper Recruitment Solutions is a specialist and highly compliant recruitment consultancy dedicated to the Science and Technology sectors.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

ManTech International

ManTech International

ManTech provides comprehensive, integrated cyber security support, which includes computer and network design, implementation, and operations.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Jolocom

Jolocom

Jolocom builds decentralized software solutions that enable people, organizations, and machines to own and control their identity information.

BlackCloak

BlackCloak

BlackCloak provides Concierge Cyber Security for high-net-worth individuals and corporate executives to protect them from cybercrime, reputational risks, hacking and identity theft.

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.