BlueVoyant: new cyber research on portfolio companies

New BlueVoyant study identifies critical focus areas for portfolio companies to reduce cyber risks and costs associated with breaches.

Cyber defence company BlueVoyant has released a new report highlighting cyber risks impacting private equity portfolio companies. The study found IT management was a top concern, with many portfolio companies struggling with IT hygiene, potentially leaving them susceptible to costly breaches.

“When it comes to private equity portfolio companies, we see a wide range of cyber defence postures,” said Dan Vasile, vice president, strategic development at BlueVoyant. “Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritise cyber defence in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up cyber defence against less easily exploitable but equally damaging threats.”

BlueVoyant analysed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe. Key survey findings include:

  • 19% of the examined portfolio companies are exposed via “Zero Tolerance Findings” discovered in their internet-facing, publicly accessible footprints. BlueVoyant defines zero tolerance as critical known findings that are easily exploitable by malicious actors and are commonly associated with successful ransomware attacks. If exploited, these vulnerabilities could lead to loss of data and service availability, translating into customer distrust and financial loss.
  • More than 70% of the critical internet-facing findings are related to IT hygiene.

“It is imperative that private equity firms effectively oversee their digital ecosystems by continuously monitoring their portfolio companies to quickly remediate issues and minimise the financial impacts of any cyber attacks,” says James Tamblin, vice chairman, strategic development at BlueVoyant. “Without proper cyber risk management, these companies can face costly repercussions, especially if improvements in IT hygiene are not made.”

At a recent private equity roundtable held by BlueVoyant in the U.K. and attended by 20 private equity firms, there was widespread recognition that cyber risk is important. But at the same time, it was felt that due diligence can slow the acquisition process down. Private equity firms competing to buy portfolio companies say that the speed of the deal is key and too much compliance can be a negative. They therefore recognise that there is a trade-off between managing cybersecurity risk and securing the deal.

“This is where BlueVoyant can really help because in a light touch, but forensic way, we can help private equity firms have that necessary level of due diligence in their processes without compromising the deal,” adds Tamblin.

To maintain cyber vigilance within private equity firms, BlueVoyant recommends proactively working within portfolio companies to reduce cybersecurity risk and avoid the costs associated with breaches. Working with portfolio companies to improve IT management practices to current standards is key, as well as establishing a prioritised risk reduction programme, and continually assessing for any weaknesses in their real-time risk posture.

BlueVoyant’s study used digital “footprints”, the mapping of an organisation’s external-facing network assets, registered IP addresses, and internet hosting presence, in order to gain comprehensive visibility into any given organisation’s attack surface using a combination of artificial intelligence and machine learning. The full research report, "Private Equity: A Look at Portfolio Company Cyber Risk," is available online.

 

 
