Private equity cybersecurity attacks are on the rise, and the threat isn’t only a problem for corporations with deep pockets.
For private equity firms, data breaches have far-reaching consequences. They negatively impact valuations, spook investors, create fundraising challenges, and damage a firm’s reputation.
Unfortunately, private equity firms and their funds are prime targets for hackers.
In 2020, the average mid-market private equity fund was grappling with over 10,000 cybersecurity attacks per day, according to Performance Improvement Partners (PIP), a consultancy that works specifically in this sector.
The larger private equity firms as well as the larger financial institutions, including banks and hedge funds, have hardened their firewalls and best practices against these threats. However, smaller, mid-market firms continue to lag in these efforts due to the lack of bandwidth and expertise to continuously focus on threats.
The Mid-Market is More Vulnerable Due to Older Legacy IT Environments
Many of the portfolio companies in mid-market focused PE firms are running legacy, on-premise enterprise systems and less secure networks that are more vulnerable to being hacked.
Moving to more secure, cloud-based environments continues to be a popular upgrade path for organizations using these outdated IT environments. This is in part due to a larger remote workforce and the introduction of more newly connected remote devices.
While this trend is promising, hackers are quickly evolving their tactics to attack cloud-based enterprise networks. According to PIP, the vast majority (94%) of cybersecurity attacks are generated by social engineering scams that lure employees into sharing secure information.
Valuation Impact and Risk
Firms with portfolio companies lacking in effective IT security-based protection will see an impact to profitable investment exits. Beyond the negative impact on valuations, this can also negatively impact a firm’s reputation in the investment community and impede fundraising.
As a result, private equity firms have generally avoided being transparent regarding the disclosure of data breaches because they don’t want to spark fear in the investment community. This lack of transparency is starting to improve, at least at the fund stakeholder level.
A Portfolio-Based Plan of Attack
Another form of flawed thinking is feeling more compelled to prioritize cybersecurity efforts for the most highly valued portfolio companies. As mentioned earlier, it’s the companies with lower valuations that are more likely to need cybersecurity attention.
Taking a holistic approach to cybersecurity threats involves setting an IT security and best practice-based strategy and plan at the portfolio level. The primary benefits to a firm if they take this approach are as follows:
- The firm will be able to establish a cybersecurity functional practice at the fund level with experienced subject matter experts. This will set a baseline strategy and plan that all portfolio companies can adopt and manage, providing efficiencies across a firm’s portfolio.
- By establishing a functional practice with portfolio-wide oversight, a firm will be able to more efficiently leverage cybersecurity assessment, protection, and ongoing management-related spend across the portfolio.
- The firm will be able to do a portfolio audit to identify higher risk companies that are more exposed based on unique IT security challenges associated with legacy IT.
The Benefits to Fundraising and Competitive Advantage
Not only is private equity realizing that the above approach is a must-have capability for effectively fending off cybersecurity attacks, but they are also realizing it can improve their ability to fundraise.
Essentially, by promoting the fact that a firm has a dedicated functional practice that takes a holistic, portfolio-wide approach to cybersecurity, the firm instills confidence in the investment community.
This is not only happening at the firm/fund level. Cybersecurity factors are also being considered more thoroughly during investment due diligence.
Conclusion
A firm’s efforts to continuously work to reduce risk at the firm-, fund-, and portfolio-level, increases private equity’s competitive advantage and positively impacts a firm’s reputation and ability to attract new investors.
Infor is a market leading cloud-based provider of ERP and business application solutions designed to provide superior protection from cybersecurity threats. Infor, in partnership with Panorama, brings a combined depth of experience assisting organizations in establishing tailored strategies and plans designed to optimize IT environments from these threats.
Panorama’s ERP consultants understand that cybersecurity is an important consideration during ERP selection and implementation. The Panorama team can ensure your portfolio companies prioritize this factor throughout their IT initiatives. Request a free consultation below.
About the Author
Eric Bragg is a Senior Managing Director leading Infor’s Private Equity Practice. Eric has held several leadership roles at organizations where he has stood up private equity practices and related go-to-market strategies. In his current role at Infor, he has structured an engagement model tailored for private equity that helps operating partners understand how to leverage Infor technology to enable targeted value creation opportunities across an investment portfolio.
Note: The inclusion of guest posts on the Panorama website does not imply endorsement of any specific product or service. Panorama is, and always will remain, completely independent and vendor-neutral.