Securing Your Investments: Why Cybersecurity Matters for Private Equity Investments
Would you buy a car without taking it for a test drive? It seems obvious you would want to know the vehicle has all its parts, and that those components work together to make the vehicle operate properly. Unfortunately, in the world of private equity investing, advisers may be doing exactly that, investing in a business before taking it for a proverbial test drive to evaluate the number one risk facing any firm today: cybersecurity.
To be fair, private equity advisers conduct substantial deal related due diligence prior to deploying fund capital into a privately held business. But at the end of the day, how much of that due diligence is driven by the current financials, EBITDA, revenue forecasts, and competitive advantage? What attention, if any, is given to the information security posture of the organization? Cyberattacks on public companies make all the headlines, and it may surprise some to hear that companies of all shapes and sizes are at risk of a cyberattack or data breach. A single cyberattack or breach could put a small to mid-size company out of business once cybersecurity forensics and legal expenses mount, with drastic consequences not only for the business, its clients and employees, but also to the fund’s valuation and the investment adviser’s bottom line.
By E.J. Yerzak, CISA, CISM, CRISC and Mike Farrell, CISA, CISM – CSS Cyber IT Services