Read the report here

Cyber-risk issues are top of mind for business leaders. Acquisition candidates are highly vulnerable. Mid-sized companies, the sweet spot of private equity, tend to operate with lower budgets for their cybersecurity systems. At the same point, time is of the essence, and private equity firms are operating at an ever-faster pace. 

As a consequence, there is a temptation to undervalue or completely overlook cybersecurity. This means most of these portfolio companies may fall into a category deemed 'Cyber Risk Takers'. 

The average ransom paid by mid-size companies, plus the costs of the consequences of a cyberattack, is over $1mn. 68% of Accenture’s clients see an uptick in cyber incidents during the month of a deal closure. 

Easy moves and small investments can make a big difference in exposure, stopping more attacks and seeing companies face less disruption. Because just 27% of business leaders feel confident their organization is cyber resilient.

Accenture recommends a number of steps to build cyber resilience: 

1. Rethink the cyber model 
   Building internal capacity is neither fast nor necessarily useful. Instead, have someone else do the blocking and tackling. 
2. Improve the approach to due diligence 
   PE firms can limit their due diligence efforts to a week, to then double down on remediation opportunities before deal announcement.
3. Provide basic security hygiene
   There are often quick wins that don’t require significant interventions yet increase the resilience of the portfolio company.
4. Reduce the ‘blast radius’ 
   Not everybody should have access to everything. A quick review followed by one-time remediation prevents overly open access. 
5. Ensure readiness for incident response 
   Prepare for the worst with a tested response plan. The damage of an attack can oftentimes multiply because of misguided communication and uncoordinated action.

Cyber threats have raised the stakes for private equity firms and their portfolio companies. Beyond any immediate costs, the reputations of everyone involved hang in the balance. 

The good news? Interventions can be catalyzed quickly and painlessly and can be done before deals are closed. 

To prepare for a surge in cyberattacks, to manage the risk and to ensure speed to value, read Accenture’s full report on the rising costs of cyberattacks in private equity here. 

Ramnath Venkataraman Senior Managing Director, Accenture

Accenture Private Equity partners globally with private equity clients across their investment life cycle. We provide end-to-end services that span due diligence and deal support, transition and transformation planning, as well as portfolio company value creation, using proven solutions underpinned by digital and technology. In addition to supporting the investment life cycle, we help private equity firms reinvent the ways they create value through scaled portfolio capabilities, shared services and access to leading ecosystem partners. Visit us at accenture.com/PrivateEquity.