RESEARCH REPORT
Private equity and the rising cost of cyberattacks
3-MINUTE READ
March 4, 2023
RESEARCH REPORT
3-MINUTE READ
March 4, 2023
The announcement of a deal and the appeal of ready cash can attract cyber attackers the same way an open purse attracts pickpockets.
68%
of our clients see an uptick in cyber incidents during the month of a deal closure.
$1m+
is the average ransom paid for mid-sized companies.
1 in 2
lack cyber insurance. For those companies that do, insurance costs will likely go up after a claim.
With the price tag comes an array of consequences:
Many business leaders are aware of cyber-risk issues. At the same time, just 27% feel confident their organization is cyber resilient.
Acquisition candidates are highly vulnerable. Mid-sized companies, the sweet spot of PE, tend to operate with lower budgets for their cybersecurity systems. At the same time, PE firms look to achieve growth and are keen to move at a fast clip.
As a consequence, there is a temptation to undervalue or completely overlook cybersecurity. This means most of these portfolio companies may fall into a category deemed “Cyber Risk Takers”.
Easy moves and small investments can make a big difference in exposure—financial, operational and reputational. Cyber Champions stop more attacks and face less disruption.
Based on the experience serving 3,100 clients worldwide, we recommend five steps that can be taken to improve a portfolio company’s cybersecurity capabilities before deals are inked. This helps firms prepare for the expected spike in incidents and build cyber resilience as part of a strong digital core:
Building internal capacity is neither fast nor necessarily useful. Instead, have someone else do the blocking and tackling.
PE firms can limit their due diligence efforts to a week, to then double down on remediation opportunities before deal announcement.
There are often quick wins that don’t require significant interventions yet increase the resilience of the portfolio company.
Not everybody should have access to everything. A quick review followed by one-time remediation prevents overly open access.
Prepare for the worst with a tested response plan. The damage of an attack can oftentimes multiply because of misguided communication and uncoordinated action.
Cyber threats have raised the stakes for PE firms and their portfolio companies. Beyond any immediate costs, the reputations of everyone involved hangs in the balance. That’s the bad news.
The good news? Interventions can be catalyzed quickly and painlessly. And can be done before deals are closed, to prepare for a surge in cyberattacks, manage the risk and ensure speed to value.
Looking to improve cyber resilience for your portfolio while reducing your cybersecurity insurance expense? Accenture ranks first in cybersecurity service providers, employing more than 16,000 professionals globally.