The SEC and other regulatory bodies have made cybersecurity a priority in their examinations. And while many PE firms have begun to take cybersecurity more seriously, others still have a long way to go.
A PE firm that is not well-armed with robust cybersecurity protocols exposes itself to direct financial ramifications of a breach (e.g., litigation, hiring consultants to fix the problem). But even more important, a cyber breach can expose a PE firm, its limited partners and/or its portfolio companies to significant reputational damage. And this could affect their ability to raise capital.
Forward-thinking PE firms need to be ahead of the game when it comes to protecting themselves against a cyberattack. This means employing cybersecurity best practices that we believe regulatory bodies will be expecting from them. These should include an annual cyber-risk assessment, well-defined policies and procedures, and strong technical and process-related controls. A cybersecurity breach can wreak havoc on the operations of any business. PE firms need to view cybersecurity as a key component of their risk-management processes and a critical factor in their growth strategies.
As a seller, the installation of cybersecurity best practices will result in more favorable terms when exiting an investment. When acquiring a new portfolio company, the absence of cybersecurity best practices is an indication of increased risk and may be symptomatic of other operational weaknesses.
Most private equity firms talk about the importance of cybersecurity, but very few actually implement it. In this video, Jim Ambrosini, Managing Director, Cybersecurity at CohnReznick, addresses the risks associated with a portfolio or fund-level breach or cyberattack and how a true cybersecurity program can contribute to growth.
This article represents the views of the author only and does not necessarily represent the views of PitchBook.