Cybersecurity Protocol for Private Equity
Nearly all private equity groups have dealt with a ransomware breach. Private equity funds are responding with security theater in the form of a cybersecurity box-checking exercise:
- ☐ Buying third-party monitoring solutions that don’t include remediation or incident response.
- ☐ Buying expensive cyber-insurance that includes incident response capabilities, but no one in the company knows how or when to activate it.
- ☐ Buying cybersecurity products but failing to address the major causes of most security incidents: foundational IT practices and employee training.
You can’t eliminate cybersecurity risk, but you can be in the top 10% of your peers and cap your downside. Don’t engage in security theater. Use cybersecurity as a catalyst to develop the core infrastructure and operational processes needed to be a foundation for digital transformation and innovation.
The Plektron Approach
Plektron works with you at the fund level to define reliable and repeatable processes for managing cybersecurity and IT risks. Components of the Plektron Cybersecurity Protocol at the fund level:
- Understand the needs of your portfolio: Define company-specific minimum standards
- Create a cybersecurity playbook: Integrate cybersecurity into underwriting and overall risk management processes
- Establish third-party relationships: Where gaps exist, recommend fund-preferred insurance and IT vendors
Each portfolio company is assessed against the protocol and a roadmap is developed to achieve the standard where deficiencies exist. Components of the Plektron Cybersecurity Protocol at the portfolio company level:
- Survey each portfolio company against standards: Review and verify responses for accuracy
- Assess and validate capabilities: Ensure you have the correct IT people and vendors
- Companies will have shortcomings: Develop a roadmap to achieve standards and limit people/vendor risks