Private equity firms are struggling with IT management, particularly cybersecurity hygiene, making their portfolios susceptible to attacks from hackers, BlueVoyant, a cybersecurity specialist, said in a new report.
BlueVoyant surveyed nearly 800 portfolio companies from private equity-backed firms. The majority are U.S.-based but respondents were also headquartered in Europe and worldwide.
Cyber risk facing private equity firms is a little-discussed issue, with focus typically placed on their M&A activity. But a closer look reveals the importance of cyber hygiene across their entire portfolios. Managed security service providers (MSSPs) engaged both with the private equity holder and their companies would do well to understand that cybersecurity issues extend to the parent firm.
Private Equity Cybersecurity Challenges
Key survey findings include:
- 19% of examined portfolio companies are exposed via zero tolerance findings--critical known findings that are easily exploitable by malicious actors and are commonly associated with successful ransomware attacks--discovered in their internet-facing, publicly accessible footprints.
- Should these vulnerabilities be exploited, it could lead to loss of data and service availability, translating into customer distrust and financial loss.
- More than 70% of the critical internet-facing findings are related to IT hygiene.
“When it comes to private equity portfolio companies, we see a wide range of cyber defense postures,” said Dan Vasile, vice president, strategic development at BlueVoyant. “Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up cyber defense against less easily exploitable but equally damaging threats.”
Private Equity Cybersecurity Best Practices
To maintain cyber vigilance within private equity firms, BlueVoyant recommends the following:
- Proactively working within portfolio companies to reduce cybersecurity risk and avoid the costs associated with breaches.
- Working with portfolio companies to improve IT management practices to current standards is key, as is establishing a prioritized risk reduction program and continually assessing for any weaknesses in their real-time risk posture.
“It is imperative that private equity firms effectively monitor their digital ecosystems by continuously monitoring their portfolio companies to quickly remediate any issues and overcome any cyber attack financial impacts,” says James Tamblin, vice chairman, strategic development at BlueVoyant. “Without proper cyber risk management, these companies can face costly repercussions, especially if improvements in IT hygiene are not made.”