Private equity firms have gradually begun to recognize the importance of cybersecurity oversight, moving beyond basic pre-acquisition cyber due diligence.
According to ACA Group, early efforts included engaging external consultants and establishing basic cybersecurity controls for portfolio companies (PortCos) facing cyber challenges. However, as highlighted by the Wall Street Journal, this level of oversight has proven insufficient both in safeguarding investments from ever-evolving cyber threats and in reassuring investors.
A more systematic approach to cybersecurity portfolio oversight is now being adopted, focusing not only on managing traditional risks but also on creating significant value. Documenting a track record of proactive cybersecurity management can attract investors and enhance valuations. Moreover, sharing resources and best practices across the portfolio can lead to cost reductions and operational efficiencies.
Cybersecurity management is increasingly seen as a critical factor in improving valuations at the time of exit. A subpar or unclear cybersecurity program negatively reflects on PortCo management’s capabilities and raises doubts about the company’s potential for growth, whether organic or through acquisitions. With exit valuations closely tied to the quality of management and scalability potential, inadequate cybersecurity measures can detrimentally impact valuations—estimates suggest a potential 3% decrease in exit valuations due to hidden cybersecurity risks.
Despite only a fraction of deals experiencing a 1% valuation decrease, the cumulative financial impact for many firms could be substantial, reinforcing the need for robust, audited cybersecurity practices that can positively influence buyers’ perceptions.
Programmatic cybersecurity oversight allows for the exploration of economies of scale, which can significantly lower cybersecurity costs for PortCos. Coordinating service purchases and sharing services such as Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), cybersecurity insurance, consulting, and software solutions like SIEM and XDR can reduce costs. This coordinated approach helps eliminate redundancies and secure services at more competitive rates.
By pooling data and insights from across the portfolio, PortCos can benchmark and right-size their cybersecurity investments. Hosting forums for PortCos to exchange best practices offers a platform for those at varying maturity levels to enhance their cybersecurity strategies and foster a supportive community environment.
Effective cybersecurity oversight requires commitment from the top—both the board and managing partners. Demonstrating the dual benefits of risk management and value creation through operational improvements is essential. Regular stakeholder engagement, backed by a solid track record of oversight success, plays a crucial role in securing this commitment. Additionally, involving external experts can further validate the oversight program and help in gaining broader leadership support.
Copyright © 2024 RegTech Analyst