- The risk of cyber attack presents an ever-increasing threat to commercial results, through lost business, fines, ransom and fraudulent payments, as well as the resulting reputational damage. Furthermore, in the world of private equity, cyber risk presents a direct threat to Enterprise Value. We wanted to demystify this threat, so we conducted a ‘Maturity Assessment’ across each business to determine its readiness and the risk to it.
- We created a standardised ‘end to end’ cybersecurity assessment, employing industry best-practice frameworks and standards across fourteen non-technical (for example, governance and risk management) and technical (for example, malware protection) control areas.
We assessed 34 companies within the Hg portfolio. Each questionnaire response was constructively challenged and scored, and relevant observations or recommendations were discussed and noted. Actions were then agreed with the business executive team.
Once we had collated this information, we drew it together to generate a ‘portfolio level’ view of cybersecurity risk. We intend to review this, at both a company and portfolio level, every six and 12 months.
Most importantly, this has been an exercise in preparation and support. Not only have we been able to identify areas for improvement, but we’ve also been able to develop tools, as a community, for tackling them. We’ve formed a cybersecurity community of CTOs, CIOs and CISOs from within our portfolio, and we’ve developed a Minimum Standard, as well as ‘Jump Start’ materials such as our Risk Register. Understanding, preparedness and maturity have improved across the Hg community, and we continue to work to reduce the threat and risk level.