How cybersecurity creates value in PE

In this episode, Paul Harragan and John Nugent explore how PE can manage cybersecurity risk and why it should be viewed as a value creation lever instead of a cost.

Related topics Private equity

Cyberattacks happen constantly, and companies display a wide range of preparedness. Private equity (PE), like any other industry, is not immune from this growing threat. 1H2021 saw increase in ransomware attacks in PE portfolio companies, which is especially troublesome for an industry that has traditionally taken a less rigorous approach to information security and cyber defense. PE has, however, begun to embrace the necessary investments needed to understand their intrinsic risk, prepare for the inevitable breach and respond quickly.

While it is inherently difficult to gauge or predict the monetary cost of a breach, PE must consider that a breach can degrade an asset’s sale price or, in rare cases, be a “dealbreaker” altogether. In addition to potential impact on transactions, skyrocketing insurance costs render the cost of negligence far greater than the cost of investing in a comprehensive cybersecurity strategy.

Cybersecurity due diligence is increasingly becoming industry standard and should focus on past, present and future. For PE, future risk is an especially critical consideration since capital deployment can dramatically change the threat landscape of an asset.

Five gold standard cybersecurity practices for PE include:

  1. Understand your threat landscape
  2. Identify what a hacker would find valuable and attractive about your company
  3. Identify critical business functions and adopt procedures to monitor, defend and preserve functionality in the event of an attack
  4. Inform security leadership of the technology strategy and broader business plan so they can anticipate changes to the attack surface
  5. Understand how new technology can generate new attack vectors and impact your threat landscape

For your convenience, full text transcript of this podcast is also available. Read the transcript.

Presenters

Paul Harragan
EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLP
Photographic portrait of John Nugent
John Nugent
Vice President, Cybersecurity & Tech, Apax Partners

Podcast

Episode 33

Duration 30m 14s

In this series

series overview
(Event List - Manual)

How cybersecurity creates value in PE

In this episode, our speakers explore how PE can manage cybersecurity risk and why it should be viewed as a value creation lever rather than a cost.
Podcast

Episode 33

Duration
30m 14s

Presenters

Paul Harragan

EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLP

John Nugent

Vice President, Cybersecurity & Tech, Apax Partners

PE Pulse: Five takeaways from 2Q 2021

In this episode, Pete Witte, EY Global Private Equity Lead Analyst, explores the key themes and market dynamics from 2Q 2021 that are top of mind for PE investors.
Podcast

Episode 32

Duration
10m 00s

Presenters

Which six consumer categories PE should watch

In this episode, our speakers explore the consumer product categories, behaviors and trends investors should keep an eye on.
Podcast

Episode 31

Duration
27m 00s

Presenters

Lindsey Kiely

Principal, EY Parthenon, Ernst & Young LLP

Bhakti Nagalla

Senior Director, EY Corporate & Growth Strategy Practice, Consumer Sector