Private Equity and Cyber Resiliency - A Zero Trust Approach

After a record-breaking M&A year in 2021, 2022 saw many investors slowing the pace of deal activity and bringing transaction volumes back down to pre-pandemic levels. One area that has not seen a significant slowdown is within the private equity (PE) space. According to a McKinsey report, in just the first half of 2022, PE deal value contributed 26% of total deal value, and it is on track to outperform 2021 figures. 

While PE firms have already deployed approximately $2T of capital in 2021, they continue to raise funds and have substantial dry powder to influence valuations and premiums in 2023 and beyond. In fact, certain technology-oriented PE funds, like Thoma Bravo, continue to exceed funding expectations - raising a record $32B in 2022. This suggests that PE activity is likely to remain strong going into 2023. With public attention and record-breaking deal volume, PE firms and their portfolio companies have become targets for cybercriminals. 

According to a report from Lockton, PE firms from the UK, to Hong Kong, to the US are all seeing increased cyberthreats. Specifically, these bad actors are becoming more sophisticated in how they approach PE firms and their portfolio companies, with targeted attacks and cyberthreats like:

• Email spoofing
• Social engineering
• Targeted phishing attacks
• Malware
• Ransomware
• Denial of service

The news of these attacks has not typically made headlines to the same extent as public company breaches, however, the impact on the affected company, its valuation, and its operations is no less severe. Studies from Performance Improvement Partners have shown that PE firms and their portfolio companies face an equally challenging cyber landscape with: 

• 300% more cyberattacks on financial services organizations than peers in other industries
• 71% - the number of organizations victimized by ransomware
• 63% - the number of organizations that paid the ransom 
• SEC 4A rule changes - the regulatory environment is becoming more complex with regulators imposing cyber disclosure requirements on private equity funds 

The impact of these challenges–either in isolation or in aggregate–can significantly impact the entire PE investment lifecycle (e.g. from initial due diligence, to value creation, to eventual exit). In an era of rising interest rates leading to depressed valuations, and with investment horizons now extending to 7 or 8 years (from the historical 4- to 5-year period), PE firms need to find innovative ways for risk mitigation and value creation. So, how are leading PE firms addressing these challenges? Most firms agree that the best cyber defense is preventing cyberthreats in the first place. Industry experts agree that the zero trust approach is the best technique to secure both PE firms and their portfolio companies. Zero trust is a set of technologies and functionalities that enable secure access to internal applications for remote users. It operates on an adaptive trust model, where trust is never implicit, and access is granted on a need-to-know, least-privileged basis defined by granular policies. Please read our whitepaper to explore this topic further.