What is the biggest failure on the rise in private equity?
The answer is simple – not doing the proper cyber security due diligence before you close on the deal. And the results can be catastrophic for the long term success of any private equity deal.
Lets say the target company was breached 12 months before your private equity firm closed on the deal. How do you know whether the asset had been compromised and that the real value of the target was half of what your firm paid for it?
Now, not only did you spend twice as much money as you should have spent on the target, but you’ve compromised your reputation as a professional.
Could This Have Been Prevented?
Fortunately, the answer to this question is also simple – yes! Simply add cyber security due diligence to your list along with legal and accounting practices. A word of advice, don’t just use any cyber security firm, make sure to select one that focuses on cyber security for acquisitions. I personally favor Secure Merger. Maybe I’m just a little bit biased because I founded the company, but you know the old saying – an ounce of cure is worth a pound of prevention!
Save yourself and your company a ton of headaches and avoid the landmines by doing the cyber work ahead of time.
Cyber Security And Private Equity Firms
The private equity firms themselves need to be careful about cyber security. Coller Capital did a survey and found 55% of investors say that they will require a general partner to undergo a cyber risk assessment, and 45% will require a cyber security risk assessment of all portfolio companies.
As companies are hacked more and more often, these stats will rise very quickly as people realize that cyber security due diligence is not an option. One of the biggest hurdles at this point in time is private equity actually understanding what goes into cyber security due diligence.
If you hire a “team” and they go onsite for one day and give you a report, you have purchased a very cursory review of your company’s risk in purchasing this asset. There is no way proper cyber due diligence can be performed in this short of a duration of time, a minimum of two weeks is needed to do a thorough analysis. If it is being performed in a shorter duration, they are cutting corners. And we all know the saying – “you get what you pay for.” This is especially true with cyber risk analysis.
If you are a private equity firm and your average deal is 20M+, take us up on our free consultation where we lay out things that you should be looking for regarding cyber risks and how to protect your firm.
Is Cyber Due Diligence Worth The Extra Cost?
The answer to this is different for everyone. If your deal is less than 10M in total value, the cost might not be justified. However, if you are integrating the target into your bigger overall operations, then the cyber security due diligence is worth it’s weight in gold.
Ask yourself these simple questions:
- If operations went offline, what would that cost you financially?
- What type of hit would your brand take as a result of the work stoppage?
- Am I exposing my bigger operations to risk by integrating this new asset into our systems?
Thinking about acquiring a new asset for your firm? Now is the time to asses he risks to your company. Give us a call at Secure Merger and let us help you minimize your risk and make sure that your private security equity deal is the success it should be!