17.3 C
London
Sunday, October 2, 2022

How PE and VC firms can protect themselves (and their portfolio companies) from cyber risk

Must read

Cheese sold in US and Mexico recalled due to Listeria outbreak

Brie and Camembert cheeses sold nationwide in the US and Mexico have been recalled after being linked to a Listeria outbreak that led to...

Pico by ByteDance debuts its Meta Oculus rival, but challenges remain • londonbusinessblog.com

When ByteDance bought Chinese VR headset maker Pico a year ago, the message was clear: It's betting that the immersive device would be where...

Form Bio Says Now Is Time To Launch – Despite Cooling Software Sales

As companies strive to cut costs and bring in spending within the uncertain macroeconomic environment, Form Bio thinks it's actually the perfect time to...

Coinbase Has Suspended Transactions In US For Hours To Fix Wire Transfer Issues

Coinbase temporarily halted transactions for users in the US due to an issue that prevented the company from processing withdrawals or deposits with bank...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Doug Howard is CEO of pondurance

Cyber ​​breaches are increasing rapidly, both in size and scope. With venture capital financing reaching an all-time high of $643 billion last yearPrivate equity (PE) and venture capital (VC) firms – along with their portfolio companies – are also facing more cyber threats and breaches and need to be better prepared than ever before.

In fact, the Securities and Exchange Commission (SEC) wants to ensure that registered investment companies such as PE and VC funds take the cyber threats seriously. The SEC recently proposed a new set of rules requiring companies to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks and require notification of significant cybersecurity incidents to the Commission.

“The proposed rules and changes are designed to improve cybersecurity preparedness and may improve investor confidence in the resilience of advisors and funds to cybersecurity threats and attacks,” said SEC Chair Gary Gensler.

The SEC notes that PE and VC funds, among other investment firms and advisors, are exposed to and dependent on a wide network of interconnected systems and thus face numerous cybersecurity risks. It says the proposed rules are intended to help the SEC better assess systemic risk and better monitor these funds.

These claims are not without foundation. Medium-sized companies – along with their financiers – are increasingly being targeted by hackers. In particular, ransomware groups are known to read headlines and go after recently funded companies because they know how much money they have in the bank. And if the hackers are successful, they also know that not just one company is at risk, but potentially the entire portfolio of a private equity or venture capital firm.

While alarming, these trends are forcing PE and VC companies to rethink their security systems and processes. Here are three ways companies can better measure the cyber-preparedness of their portfolios and significantly mitigate risk.

1. Conduct cyber research on portfolio companies.

Today’s attack surface is bigger than ever before, thanks to the proliferation of mobile devices and the fact that so many employees are working from home and logging in remotely. As a result, VC and PE firms must be extremely vigilant when assessing the cybersecurity capabilities of new potential investments.

A cyber risk assessment should examine the vulnerabilities in a portfolio company’s IT environments and the extent of damage that could occur in the event of a breach. While it is difficult to thoroughly assess any potential investment for effective cybersecurity measures, cyberdiligence can provide reasonable insight into a company’s current capabilities.

For example, does the portfolio or target company properly train its employees to prevent them from falling prey to phishing or malware attacks? Has the company implemented technologies such as multi-factor authentication that can prevent bad guys from abusing weak or stolen passwords and credentials? If a cyber breach occurs, how quickly is the company able to detect and respond to the threat? Has it performed penetration tests to see which systems are susceptible to hacking?

It is imperative for VC and PE firms to establish basic cybersecurity requirements to ensure portfolio companies and potential investment targets are not ducks for hackers.

2. Make sure your own business is safe.

PE and VC companies shouldn’t just talk; they have to walk the walk. They need to ensure that their own cybersecurity practices are top-notch so that they can lead by example for their portfolio companies.

Conducting a cyber risk assessment can help you find weaknesses and build your cybersecurity framework. There are many types of assessments, including NIST Cybersecurity Framework, NIST 800-53, NIST 800-171, NY Department of Financial Services (NYDFS), and more. These assessments can help you identify security risks and close any gaps.

It is also important to plan for disruption if and when a cyber incident occurs. By putting together an incident response plan, PE and VC companies can better identify, prevent and respond to business disruptions and potentially avoid millions of losses. In addition, your incident response plan must now include reporting to the SEC when significant cybersecurity incidents occur.

3. Implement managed detection and response.

Managed detection and response services (MDR) can play a critical role in protecting investment firms and their portfolio companies. MDR service providers can help you keep a constant eye on incoming attacks and help you take immediate action if and when they happen.

What makes MDR so valuable is that it provides round-the-cloud security services from a team of outsourced analysts. The reality is that most companies do not have the in-house resources to staff a full-fledged security center. But with MDR, you get a team of experts who are by your side 24/7. These people are specially trained to detect anomalous activities in your network and react immediately to possible threats.

Last year was a record year for investment, especially for cybersecurity startups. Last year they raised $29.5 billion in venture capital, more than doubling the $12 billion raised in 2020. It is clear that investors understand the magnitude of the cyber threats that companies face today. They must also understand that they are not immune to this threat and take appropriate measures to defend themselves and their portfolio companies.

Cleaning up after a beach, if a business survives, is much more expensive than preventive actions to reduce cyber risk.


londonbusinessblog.com Business Council is the leading growth and networking organization for entrepreneurs and leaders. Am I eligible?


More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Cheese sold in US and Mexico recalled due to Listeria outbreak

Brie and Camembert cheeses sold nationwide in the US and Mexico have been recalled after being linked to a Listeria outbreak that led to...

Pico by ByteDance debuts its Meta Oculus rival, but challenges remain • londonbusinessblog.com

When ByteDance bought Chinese VR headset maker Pico a year ago, the message was clear: It's betting that the immersive device would be where...

Form Bio Says Now Is Time To Launch – Despite Cooling Software Sales

As companies strive to cut costs and bring in spending within the uncertain macroeconomic environment, Form Bio thinks it's actually the perfect time to...

Coinbase Has Suspended Transactions In US For Hours To Fix Wire Transfer Issues

Coinbase temporarily halted transactions for users in the US due to an issue that prevented the company from processing withdrawals or deposits with bank...

The Top 10 Franchise Location Selection Services

When franchisees sign on the dotted line, one of the priorities is finding the perfect location. This is often handled by commercial real...