In this episode, Paul Harragan and John Nugent explore how PE can manage cybersecurity risk and why it should be viewed as a value creation lever instead of a cost.
Cyberattacks happen constantly, and companies display a wide range of preparedness. Private equity (PE), like any other industry, is not immune from this growing threat. 1H2021 saw increase in ransomware attacks in PE portfolio companies, which is especially troublesome for an industry that has traditionally taken a less rigorous approach to information security and cyber defense. PE has, however, begun to embrace the necessary investments needed to understand their intrinsic risk, prepare for the inevitable breach and respond quickly.
While it is inherently difficult to gauge or predict the monetary cost of a breach, PE must consider that a breach can degrade an asset’s sale price or, in rare cases, be a “dealbreaker” altogether. In addition to potential impact on transactions, skyrocketing insurance costs render the cost of negligence far greater than the cost of investing in a comprehensive cybersecurity strategy.
Cybersecurity due diligence is increasingly becoming industry standard and should focus on past, present and future. For PE, future risk is an especially critical consideration since capital deployment can dramatically change the threat landscape of an asset.
Five gold standard cybersecurity practices for PE include:
- Understand your threat landscape
- Identify what a hacker would find valuable and attractive about your company
- Identify critical business functions and adopt procedures to monitor, defend and preserve functionality in the event of an attack
- Inform security leadership of the technology strategy and broader business plan so they can anticipate changes to the attack surface
- Understand how new technology can generate new attack vectors and impact your threat landscape
For your convenience, full text transcript of this podcast is also available. Read the transcript.
Presenters
Paul Harragan
EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLPJohn Nugent
Vice President, Cybersecurity & Tech, Apax PartnersPodcast
Episode 33
Duration 30m 14s
In this series
series overviewHow cybersecurity creates value in PE
Episode 33
Presenters
EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLP
Vice President, Cybersecurity & Tech, Apax Partners
PE Pulse: Five takeaways from 2Q 2021
Episode 32
Presenters
Which six consumer categories PE should watch
Episode 31
Presenters
Principal, EY Parthenon, Ernst & Young LLP
Senior Director, EY Corporate & Growth Strategy Practice, Consumer Sector