IT management is a major concern, with many portfolio companies struggling with IT hygiene, potentially exposing them to costly breaches, according to a report by BlueVoyant.
“When it comes to private equity portfolio companies, we see a wide range of cyber defense postures,” said Dan Vasile, VP, strategic development at BlueVoyant. “Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect the value of portfolio companies. The private equity industry is starting to get on track. However, we must accelerate the entire process to protect these vulnerable entities, as well as strengthen cyber defense against less easily exploitable but equally damaging threats.”
BlueVoyant analyzed 780 private equity-backed portfolio companies, the majority of which are headquartered in the United States, with others in Europe and around the world. Key findings from the survey include:
- 19% of the portfolio companies examined are exposed via “zero tolerance results” discovered in their publicly available internet footprints. BlueVoyant defines zero tolerance as known critical findings that are easily exploitable by malicious actors and are generally associated with successful ransomware attacks. If these vulnerabilities were exploited, it could lead to loss of data and service availability, resulting in customer distrust and financial loss.
- More than 70% of critical results on the Internet are related to IT hygiene.
“It is imperative that private equity firms effectively oversee their digital ecosystems by continuously monitoring their portfolio companies to quickly resolve issues and minimize the financial impacts of any cyberattacks,” says James Tamlin, Vice President, Strategic Development at BlueVoyant. “Without good cyber risk management, these companies can face costly repercussions, especially if IT hygiene is not improved.”
At a recent private equity roundtable attended by 20 private equity firms, it was widely recognized that cyber risk matters. But at the same time, it was felt that due diligence can slow down the acquisition process. Private equity firms competing to buy portfolio companies say speed of the deal is key and too much compliance can be a negative. They therefore recognize that there is a trade-off between managing cybersecurity risk and securing the deal.
To maintain cyber vigilance within private equity firms, BlueVoyant recommends working proactively within portfolio companies to reduce cybersecurity risk and avoid costs associated with breaches. It is essential to work with portfolio companies to bring IT management practices up to current standards, as well as to establish a prioritized risk mitigation program and continuously assess any weaknesses in their risk posture in real time.