Private equity firms continue to acquire MSSPs, cybersecurity businesses and other types of technology businesses. But how can those private equity firms ensure that the acquired companies are properly mitigating cyber risks within their organizations?
One potential answer comes from Drawbridge, a cybersecurity software and solutions provider. Indeed, Drawbridge has launched a module that allows private equity funds to monitor the cyber risk profiles of their portfolio companies in real time, according to a prepared statement.
PE funds can use the module to view the cybersecurity vulnerability management program and access data and reporting associated with their portfolio companies, Drawbridge stated. They also can leverage the module to scan for known vulnerabilities within on-site and remote environments, monitor supply chain risk and create and track a roadmap for future improvements within their portfolio companies' risk programs.
The module surfaces amid occasional questions about private equity firms and their cybersecurity business practices. Some critics allege that PE firms focus too heavily on portfolio company profits -- perhaps at the expense of cybersecurity and risk mitigation.
One potential example (though the legal case is still pending and has not been proven): A class action lawsuit alleges private equity firms Thoma Bravo and Silver Lake Partners and their cost priorities played central roles in the high-profile SolarWinds Orion breach, SC Magazine reports. The private equity firms did not reply to SC Magazine's request for comment.
Meanwhile, Drawbridge is certainly familiar with the private equity market. The company closed a minority investment from capital market company Long Ridge Equity Partners in March 2021. Drawbridge is using the funds to accelerate product innovation, expand its sales and marketing activities across North America and EMEA, and continue investing in its people, platform and client services, the company said at the time.
Additional insights from Joe Panettieri.