In this episode, Paul Harragan and John Nugent explore how PE can manage cybersecurity risk and why it should be viewed as a value creation lever instead of a cost.
Cyberattacks happen constantly, and companies display a wide range of preparedness. Private equity (PE), like any other industry, is not immune from this growing threat. 1H2021 saw increase in ransomware attacks in PE portfolio companies, which is especially troublesome for an industry that has traditionally taken a less rigorous approach to information security and cyber defense. PE has, however, begun to embrace the necessary investments needed to understand their intrinsic risk, prepare for the inevitable breach and respond quickly.
While it is inherently difficult to gauge or predict the monetary cost of a breach, PE must consider that a breach can degrade an asset’s sale price or, in rare cases, be a “dealbreaker” altogether. In addition to potential impact on transactions, skyrocketing insurance costs render the cost of negligence far greater than the cost of investing in a comprehensive cybersecurity strategy.
Cybersecurity due diligence is increasingly becoming industry standard and should focus on past, present and future. For PE, future risk is an especially critical consideration since capital deployment can dramatically change the threat landscape of an asset.
Five gold standard cybersecurity practices for PE include:
- Understand your threat landscape
- Identify what a hacker would find valuable and attractive about your company
- Identify critical business functions and adopt procedures to monitor, defend and preserve functionality in the event of an attack
- Inform security leadership of the technology strategy and broader business plan so they can anticipate changes to the attack surface
- Understand how new technology can generate new attack vectors and impact your threat landscape
For your convenience, full text transcript of this podcast is also available. Read the transcript.
Presenters
Paul Harragan
EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLP
John Nugent
Vice President, Cybersecurity & Tech, Apax PartnersPodcast
Episode 33
Duration 30m 14s
In this series
series overviewHow cybersecurity creates value in PE
Episode 33
Presenters
EY-Parthenon Associate Partner, Strategy & Transactions, Ernst & Young LLP
Vice President, Cybersecurity & Tech, Apax Partners
PE Pulse: Five takeaways from 2Q 2021
Episode 32
Presenters
EY Global Private Equity Lead Analyst
Which six consumer categories PE should watch
Episode 31
Presenters
Principal, EY Parthenon, Ernst & Young LLP
Senior Director, EY Corporate & Growth Strategy Practice, Consumer Sector
How academic research can measure and predict PE performance
Episode 30
Presenters
Executive Director at the Institute for Private Capital and Finance Professor at the University of North Carolina (UNC) Kenan-Flagler Business School
EY Americas Financial Accounting Advisory Services Private Equity Leader
What PE can learn from Advent’s DEI program
Episode 28
Presenters
Partner, Advent International
EY Americas Financial Accounting Advisory Services Private Equity Leader
PE Pulse: Five takeaways from 1Q21
Episode 27
Presenters
EY Global Private Equity Lead Analyst
Where to focus your post-pandemic workplace reimagination
Episode 26
Presenters
EY National Workplace Leader
EY Americas Financial Accounting Advisory Services Private Equity Leader
Where PE should deploy capital in LATAM
Episode 25
Presenters
EY-Parthenon Partner, EY Latin America North
EY-Parthenon Partner, EY Latin America North Financial Services Partner, EY Colombia