Skip to main content Skip to footer
Private Equity Services

Private equity and the rising cost of cyberattacks

三月 3, 2023 5-分钟速读

RESEARCH REPORT

In brief

  • Non-state actors are targeting the private equity (PE) industry explicitly.
  • Many portfolio companies lack the cyber maturity required to monitor, protect and respond to incidents.
  • PE firms can mitigate these risks, painlessly and without sacrificing speed.
  • Models are emerging to reduce exposure and deliver cybersecurity capabilities across the portfolio.

Why private equity firms are prime targets

The announcement of a deal and the appeal of ready cash can attract cyber attackers the same way an open purse attracts pickpockets.

68%

of our clients see an uptick in cyber incidents during the month of a deal closure.

$1m+

is the average ransom paid for mid-sized companies.

1 in 2

lack cyber insurance. For those companies that do, insurance costs will likely go up after a claim.

With the price tag comes an array of consequences: 

  • The reputations of both the portfolio company and the private equity (PE) firm are at risk. 
  • The acquired portfolio company’s value creation can be sandbagged, not to mention the value of the overall holding enterprise. 
  • To add insult to injury, once paid, threat actors could come back, targeting the PE firm itself or infiltrating other portfolio companies. 

Many business leaders are aware of cyber-risk issues. At the same time, just 27% feel confident their organization is cyber resilient.

Cyber Champions achieve lower costs per attack

Acquisition candidates are highly vulnerable. Mid-sized companies, the sweet spot of PE, tend to operate with lower budgets for their cybersecurity systems. At the same time, PE firms look to achieve growth and are keen to move at a fast clip.

As a consequence, there is a temptation to undervalue or completely overlook cybersecurity. This means most of these portfolio companies may fall into a category deemed “Cyber Risk Takers”.

Easy moves and small investments can make a big difference in exposure—financial, operational and reputational. Cyber Champions stop more attacks and face less disruption.

 

 Cyber Risk TakersCyber Champions

Stop more attacks

Attacks that breach

security

1 in 21 in 6

Find breaches faster

% breaches found in <1 day

11%55%

Fix breaches faster

% fixed in 15 days or less

30%100%

Reduce breach impact

% breaches with no impact

55%72%

Five steps to improve cybersecurity

Based on the experience serving 3,100 clients worldwide, we recommend five steps that can be taken to improve a portfolio company’s cybersecurity capabilities before deals are inked. This helps firms prepare for the expected spike in incidents and build cyber resilience as part of a strong digital core:

Rethink the cyber model

Building internal capacity is neither fast nor necessarily useful. Instead, have someone else do the blocking and tackling.

Improve how you approach due diligence

PE firms can limit their due diligence efforts to a week, to then double down on remediation opportunities before deal announcement.

Provide basic security hygiene

There are often quick wins that don’t require significant interventions yet increase the resilience of the portfolio company. 

Reduce your blast radius

Not everybody should have access to everything. A quick review followed by one-time remediation prevents overly open access.

Ensure incident response readiness

Prepare for the worst with a tested response plan. The damage of an attack can oftentimes multiply because of misguided communication and uncoordinated action.

Increase resilience with ease and at speed

Cyber threats have raised the stakes for PE firms and their portfolio companies. Beyond any immediate costs, the reputations of everyone involved hangs in the balance. That’s the bad news. 

The good news? Interventions can be catalyzed quickly and painlessly. And can be done before deals are closed, to prepare for a surge in cyberattacks, manage the risk and ensure speed to value. 

Looking to improve cyber resilience for your portfolio while reducing your cybersecurity insurance expense? Accenture ranks first in cybersecurity service providers, employing more than 16,000 professionals globally. 

Paolo Dal Cin

Lead – Security, Global

Ramnath Venkataraman

Senior Managing Director – CTO and Managed Services Lead, Private Equity

Brian Crandall

Senior Managing Director – Private Equity

Bleuzenn Pech de Pluvinel

Managing Director – Private Equity

Martin Metz

Managing Director – Accenture Security

Related capabilities

Private equity

Our end-to-end services help firms leverage technology to unlock profits and growth.

Security

Wherever your business goes, whoever it works with, you need cybersecurity that covers it all.

Mergers & acquisitions

We can help you stay on course to drive strategic value from your pursuits.

Frequently asked questions

Cyberattacks are attempts to steal, expose or outright destroy information through unauthorized access to IT systems. They are on the rise in every business sector. On average, companies face a 31% year-over-year increase in cyber incidents. Geopolitical instability, rapidly maturing and emerging technologies, and a lack of available talent compound the issue.

Private equity firms and their portfolio companies are alluring to cyber criminals. They hold a wealth of sensitive information, may fall into a category deemed Cyber Risk Takers and are known to have capital on hand. By increasing their performance to Cyber Champion levels, Cyber Risk Takers could reduce costs per successful attack by 65%.

For mid-sized companies, the average ransom paid is well over US$1 million. Nearly half of these companies lack cyber insurance and for those that do, insurance costs will likely go up after a claim. But there are other risks as well. The reputations of both the portfolio company and the private equity firm are at risk, value creation can be sandbagged, and—once paid—threat actors could come back to target the private equity firm itself or infiltrate other portfolio companies.

To build cyber resilience as part of a strong digital core, we recommend five steps that can be taken to improve a portfolio company’s cybersecurity capabilities before deals are inked. Rethink the cyber model; improve how you approach due diligence; provide basic security hygiene; reduce your blast radius; and ensure incident response readiness.