The majority of people I speak with about cyber security due diligence are involved in private equity firms and there seems to be a common theme to these conversations. I begin the conversation with the question: “What forms of due diligence do you perform when looking at a potential investment?” The answer I invariably receive relates to financial and legal due diligence.
Unfortunately, what most firms do not contemplate is cyber security due diligence. This is typically because cyber security is the new kid on the block and therefore, is often ignored. However smart money is quickly learning that if they are going to make a solid investment that doesn’t backfire in 12-24 months, cyber security due diligence is something that can’t be ignored.
Here are three good reasons private equity should focus on cyber security:
You Need To Know Exactly What You’re Buying
Knowing what you are buying is essential when it comes to private equity investments, but you can’t possibly know what you are buying if you have not given the investment a thorough inspection under the hood. Today that inspection needs to incorporate more than just legal and financial concerns, it needs to include cyber security concerns as well.
Would you buy a car without looking at the engine? Maybe but only if you loved it so much you are willing to sink any amount of money into it to make it run like a well oiled machine. Most private equity firms, fortunately, don’t take this approach to their investments.
Firms need to know if there is data leaking from the target company. When was their last audit? When was their last cyber security assessment? If you can’t answer these simple questions, then you are not doing yourself or the people you represent any favors and you may find yourself in hot water fast.
Your Investment Needs To Hold Value Over Time
Your firm just invested 50 million on a target with the idea of turning it around in the near future for a nice profit. This is great, but you have no idea what you have actually purchased if a cyber assessment has not performed as part of the deal. Some ignore it out of ignorance and some ignore it out of fear. Either way, you don’t want to be the one holding the bag if something falls apart in the future because you didn’t cover all the bases.
If your shiny new investment is popped by a data breach, your investment just became a loser – a big loser. One way to prevent this occurrence is to make a small, but valuable, investment of about 1/2 of a percent by performing cyber due diligence prior to the purchase.
You Need To Be Able To Plan For The Future
Let’s say you invested in a target with the idea of integrating it with another previous investment. One of the key metrics you will need to know is how much future integration will cost you. In order to achieve this, you need to know what you have on your hands. You can’t plan without having accurate and integral information to make key decisions.
Do yourself a favor and give us a call, or shoot us an email. I’ll give you a free discrete consultation. And to keep up with this newly evolving field by subscribing to our email list below so I can send you new articles as they are posted by our team. Education and preparation are the keys to solid investments!