For private equity firms, unanticipated data breaches can induce severe consequences.
They negatively impact valuations, unnerve investors, create fundraising challenges, and damage a firm’s overall reputation.
Yet unfortunately, private equity firms and their funds are prime targets for hackers. In 2020, the average mid-market private equity fund grappled with over 10,000 cybersecurity attacks per day, according to Performance Improvement Partners (PIP), a consultancy that works specifically in this sector.
To protect themselves in the midst of this ongoing cyber-war, the larger private equity firms and larger financial institutions-including banks and hedge funds-have reinforced their firewalls and implemented preventative regulations. However, due to a lack of expertise and applicable resources, mid-market firms continue to lag in these efforts and thus center as hacker’s primary targets.
Mid-Market Vulnerability
Companies in mid-market focused private equity firms are reputably running legacy, on-premise enterprise systems and less secure networks that are more vulnerable to being hacked.
Moving to more secure, cloud-based environments continues to be a popular upgrade path for organizations using these outdated IT environments. This is in part due to a larger remote workforce and the introduction of more newly connected remote devices.
While this trend is promising, hackers are quickly evolving their tactics to attack cloud-based enterprise networks. According to PIP, the vast majority (94%) of cybersecurity attacks are generated by social engineering scams that lure employees into sharing secure information.
Valuation Impact
Firms with portfolio companies lacking in effective IT security-based protection will observe an impact to profitable investment exits. Beyond the negative impact on valuations, this can also unfavorably impact a firm’s reputation in the investment community-curbing fundraising.
As a result, private equity firms have generally avoided being transparent regarding the disclosure of data breaches because they don’t want to spark fear in the investment community. This lack of transparency is starting to improve, at least at the fund stakeholder level.
A Portfolio-Based Plan of Attack
To efficiently address cybersecurity issues and concerns-start at the portfolio level instead of the individual portfolio company level. Attacking this challenge one portfolio company at a time lacks effectiveness and results in firms making larger investments than necessary in time, resources, and cost.
Another form of flawed thinking is feeling more compelled to prioritize cybersecurity efforts for the most highly valued portfolio companies. As mentioned earlier, it’s the companies with lower valuations that are more likely to need cybersecurity attention.
Taking a holistic approach to cybersecurity threats involves setting an IT security and best practice-based strategy and plan at the portfolio level. The primary benefits to a firm if they take this approach are:
• The ability to establish a cybersecurity functional practice at the fund level with experienced subject matter experts. This will set a baseline strategy and plan that all portfolio companies can adopt and manage, providing efficiencies across a firm’s portfolio.
• The ability to more efficiently leverage cybersecurity assessment, protection, and ongoing management-related spend across the portfolio.
• The firm will be able to do a portfolio audit to identify higher risk companies that are more exposed based on unique IT security challenges associated with legacy IT.
The Importance of Fundraising & Competitive Advantage
Not only is private equity realizing that the above approach is a must-have capability for effectively fending off cybersecurity attacks, but they are also realizing it can improve their ability to fundraise.
Essentially, by promoting the fact that a firm has a dedicated functional practice that takes a holistic, portfolio-wide approach to cybersecurity, the firm instills confidence in the investment community.
This is not only happening at the firm/fund level. Cybersecurity factors are also being considered more thoroughly during investment due diligence.
A private equity firm’s continuous work efforts to effectively reduce risk strengthens their competitive advantage while positively influencing their reputation and ability to attract new investors.
MCDA CCG’s consultants thoroughly understand the cruciality of cybersecurity consideration during enterprise software selection-including but not limited to ERP Selection and Implementation. The MCDA CCG team can ensure your portfolio companies prioritize this factor throughout their IT initiatives. With industry leading knowledge, you can trust our quality service with high standards continuously met by our experts in Placentia, Orange County, California. Don’t wait for a threat to gain traction against your firm, call us today!