Cyberattacks on portfolio companies surge

Private equity firms must be more hands-on in their approach to ensuring cybersecurity at portfolio companies.

Private equity firms should conduct IT and cyber due diligence at key milestones during the deal lifecycle to protect themselves from cyberattacks at their portfolio companies, according to compliance firm ACA.

Cyberattacks at private equity portfolio companies increased by an average of 65 percent in 2016, with each incident costing around $2.5 million, the firm said during a webinar on Thursday, citing PwC data.

Before completing a deal, a firm should conduct an onsite risk profiling of the company’s business strategy and technology, and review the key tech and cybersecurity risks.

Once the deal has been completed, the firm should conduct an onsite strategic planning exercise, identifying critical gaps in the system, and establish a roadmap, which should be revisited regularly to ensure it is still relevant and fulfils needs, ACA said.

It added that attackers are learning about business operations to exploit weaknesses, targeting staff and taking advantage of gaps in security and weak incident response practices.

“The typical hands-off approach by private equity firms must be reassessed to influence the adoption of more sweeping cybersecurity enhancement. Acquirers must understand portfolio companies’ cybersecurity risk before and after investing, or find themselves at risk for financial and reputational damage,” ACA said.