Four cyber security principles that will help private equity funds maximise their return on investment
01 October 2020
The frequency and impact of cyber attacks are increasingly focusing minds in private equity on the potential impact on value that a cyber security incident could have.
A new guide published by the British Private Equity and Venture Capital Association (BVCA), supported by PwC, explains the importance and nuances of cyber security within the deals lifecycle. It sets out the key considerations and priorities across the entire lifecycle of an investment, from due diligence through to preparation for sale.
Along with practical information to help maximise your return on investment, the guide sets out four key principles:
1. Cyber security incidents can significantly impact business value
Buyers need to know the risks they are potentially acquiring; for example, an acquisition might have unknown security flaws that could either lead to a costly data breach or require a major infusion of capital to fix. Equally, the business might have hidden liabilities arising from historic data breaches.
2. Your focus on security shouldn't end after the transaction
Following any acquisition, there will be a range of tactical and strategic decisions to make about cyber security. This includes quickly resolving key risk exposures identified during due diligence and ensuring any proposed business integrations don't create a security risk. Getting these decisions right will enable you to safeguard value during the hold period.
3. More money isn't always the answer
Though cyber security is important for protecting an investment, you should also look for efficiencies and ways to minimise wasted spend. Throwing more money at the problem is not necessarily the answer. Ensure your portfolio companies’ resource model, processes, technology and services spend are optimised to provide maximum return on investment.
4. Buyer scrutiny is increasing
While other factors will undoubtedly take a higher priority as you prepare for sale, cyber security should definitely be a factor in pre-divestment planning. Buyer scrutiny has increased, so as you craft your exit plan ensure that management has access to the necessary information and documentation so they can articulate the business's security capability.
You should also consider how security supports your wider value story. For example, businesses that store highly sensitive or regulated data, or whose value is fundamentally technology driven, often enjoy an accelerated sale process if they can show that security has been an integral part of their business plan.
By adopting a buyer mindset, the business will be prepared to provide a transparent overview of its current state of cyber security, which will help expedite the sale and maximise your return on investment.