Cybersecurity is now an issue for executive leadership, not the IT department.

Dealmakers consider cybersecurity increasingly vital, but they are not very confident in their solutions.

What we did:

New Heights surveyed an anonymous sample of private equity investors, bankers, and consultants about the importance of cyber security to their transaction/acquisition processes.

What we found:

Respondents unanimously expect spending on cybersecurity and cyber diligence to increase over the next 2-3 years. Most believe they will spend 11-20% more, but they are only “moderately confident” in the effectiveness of their solutions.

Cyber attacks against businesses in North America increased by an alarming 47% between 2021 – 2022, according to Check Point Research.

Ransomware attacks were the most common. In these cases, business operations are frozen and effectively held hostage in exchange for payment to hackers. Compromised customer information may be sold or otherwise disseminated, damaging relationships built over the life of the business.

Given the level of risk, cybersecurity is no longer a matter for IT departments. It’s now a mission-critical matter for executive leadership. Gartner’s 2022 Board of Directors Survey reported that 88% of Boards view cybersecurity as a business risk, rather than a functional technology issue.

~82% of respondents serving the PE deal space regard cybersecurity as “critically important” or “very important.”

New Heights’ polling indicates that the private equity community agrees. While much PE acquisition activity targets middle market firms, those companies face the same cyber threats as the largest corporations.

A respondent from a Private Equity firm noted, “Premiums for cybersecurity insurance have probably tripled in the last few years, driving cybersecurity importance.” A Consultant respondent concurred, remarking, “Insurance companies are becoming more diligent, leading to the inability to transfer risk.”

However, it is direct exposure to liability that has crystalized the issue of cybersecurity.

Another Private Equity respondent observed, “Laws have been enacted that push liability for data breaches down the chain to all vendors and in many cases to directors and officers of companies personally.” These concerns now make cybersecurity an issue of executive governance, as opposed to an operations or IT function.

While already of key importance, 75% believe cybersecurity will become “much more important” to their deal-making processes.

“Company assets are increasingly intellectual property,” a Consultant respondent said, “And the threat to those is increased via cyber crime.” Company assets also become increasingly vulnerable to cyber intrusions as they move onto the cloud. A Cyber Consultant respondent commented, “The more cloud based interactions the more the fail-points.”

However, respondents’ confidence in the effectiveness of their cybersecurity is only moderate-to-low.

~86% of respondents were “moderately confident” or less-than-moderately confident in their solutions, despite recognizing the importance and urgency of cybersecurity protection.

Lower confidence in cybersecurity practices may be justified.

Why the disconnect between awareness of cybersecurity’s importance and respondents’ confidence in their current practices? According to Tom Evans, Chief Information Security and Operating Office of CybX Security, respondents’ lack of confidence may be well-founded. “We have an assessment that can come in and very quickly give you a report card on how secure you are against the various compliance requirements of ANSI, ISO and NIST,” he said. “We do it on a regular basis, and nobody passes. Everybody who thinks they’re covered, they aren’t.”

Even with only moderate confidence in their solutions, respondents are looking to increased spend against cyber threats as part of their acquisition processes.

Respondents unanimously expect to spend more for cybersecurity. ~67% look to grow their spend between 11-20%.

New Heights can connect you with cybersecurity solutions appropriate for your business, budget, and industry.

To learn more about cybersecurity for the private equity community, or to find a solution that fits your business or portfolio company within budget, contact us. We can help you navigate the necessities and establish effective protection that best suits your needs.

William Weaver

William Weaver is Senior Consultant with New Heights Research.