BlueVoyant, the market-leading cybersecurity company that combines internal and external cybersecurity, today released a new report highlighting the cyber risks affecting portfolio companies owned by private investors. The study shows that IT governance is a top concern for countless portfolio companies with IT hygiene issues, making them potentially vulnerable to costly breaches.
“When it comes to portfolio companies with private equity, we see a wide range of cyber defense positions,” said Dan Vasile, vice president of strategic development at BlueVoyant. “Cyber security as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect the value of portfolio companies. The private equity industry is starting to bounce back. However, we need to improve the entire process to protect these vulnerable targets while strengthening cyber defenses against less exploitable but no less destructive threats. »
BlueVoyant analyzed 780 private equity portfolio companies, most of which are headquartered in the US but include companies in Europe and worldwide. The main conclusions of the study are as follows:
● 19% of portfolio companies surveyed are at risk due to “zero tolerance findings” found in their publicly available online fingerprints. BlueVoyant defines zero tolerance as known critical outcomes that can be easily exploited by attackers and are typically associated with successful ransomware attacks. Exploitation of these vulnerabilities could result in loss of data and service availability, resulting in customer distrust and financial loss.
● More than 70% of Internet-related critical findings relate to IT hygiene.
“It is critical that private equity firms effectively monitor their IT systems by constantly monitoring their portfolio companies to quickly resolve any issues and mitigate any financial impact of cyberattacks,” said James Tamblyn, vice president of strategic development at BlueVoyant. “Without proper cyber risk management, these organizations can face costly consequences, especially if advances in IT hygiene are not made. »
To maintain cyber vigilance in private equity firms, BlueVoyant recommends actively engaging with portfolio companies to mitigate cybersecurity risks and avoid the costs associated with breaches. It is critical to work with portfolio companies to improve their information technology management practices and bring them up to current standards, as well as to establish a prioritized risk mitigation program and continuously assess any weaknesses in their risk position in real time.
The BlueVoyant study used digital “fingerprinting,” i.e., matching an organization’s external network assets, recorded IP addresses, and online hosting presence, to gain insight into a given company’s attack surface using a combination of artificial intelligence and machine learning. The full research report “Private Equity: A Portfolio Company Cyber Risk Perspective” is available online here.
BlueVoyant integrates internal and external cyber defense capabilities into a results-based platform called BlueVoyant Elements. Elements runs in the cloud and constantly monitors your network, endpoints, attack surface, and supply chain, as well as the clean, deep, and dark web, looking for vulnerabilities, risks, and threats; and takes action to protect your business, using both machine learning-based automation and human experience. Elements can be deployed as a standalone solution or as a complete cyber defense platform. BlueVoyant’s approach to cybersecurity is built around three key elements – technology, telemetry and people – that deliver industry-leading cybersecurity to more than 700 customers worldwide.