Traditionally, the funding community's engagement with cyber security has tended to be compliance-driven only. However, a tick-box exercise alone does not effectively mitigate cyber risk, and it neglects the commercial opportunity to control ROI more closely throughout the investment lifecycle and ultimately prevent portfolio value erosion.
70% of General Partners (GPs) acknowledge that cyber security has a very real and quantifiable effect on a portfolio’s value, and there is growing acceptance of its application to the investment thesis as a risk equal to all others. Limited Partners (LPs) are reinforcing this trend: in November 2021 the Institutional Limited Partners Association (ILPA) issued the standardised due diligence questionnaire (DDQ), which includes cyber security components.
There of course remains the very real need for compliance and for covering the basics such as GDPR and CCPA, which were created in part to help defend against very real threats. Last year the industry reported a 238% increase in cyber-attacks, many of which resulted in prominent regulatory fines, and brand and investment damage to PE houses. This isn’t set to slow down, with global damages from cybercrime predicted to cost $10.5 trillion by 2025.
The following checklist details cyber security practices that go beyond traditional compliance, which private equity executives can leverage for deeper visibility of a target’s cyber risk during the investment stage, and then throughout the investment lifecycle, to ultimately protect against portfolio value erosion.