BlueVoyant Research Reveals Private Equity Portfolio Company Cybersecurity Challenges
New study identifies critical focus areas for portfolio companies to reduce cyber risks and costs associated with breaches
NEW YORK, November 21, 2022 — BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released a new report, highlighting cyber risks impacting private equity portfolio companies. The study found IT management was a top concern, with many portfolio companies struggling with IT hygiene, potentially leaving them susceptible to costly breaches.
“When it comes to private equity portfolio companies, we see a wide range of cyber defense postures,” said Dan Vasile, vice president, strategic development at BlueVoyant. “Cybersecurity as a subset of risks is sometimes overlooked. This analysis confirms the need to prioritize cyber defense in order to protect portfolio company value. The private equity space is beginning to get on track. However, we must button up the entire process to protect those vulnerable entities, as well as ramping up cyber defense against less easily exploitable but equally damaging threats.”
BlueVoyant analyzed 780 portfolio companies from private equity-backed firms, with the majority headquartered in the U.S., but including companies across Europe and around the globe. Key survey findings include:
19% of examined portfolio companies are exposed via “Zero Tolerance Findings” discovered in their internet-facing, publicly accessible footprints. BlueVoyant defines zero tolerance as critical known findings that are easily exploitable by malicious actors and are commonly associated with successful ransomware attacks. Should these vulnerabilities be exploited, it could lead to loss of data and service availability, translating into customer distrust and financial loss.
More than 70% of the critical internet-facing findings are related to IT hygiene.
“It is imperative that private equity firms effectively monitor their digital ecosystems by continuously monitoring their portfolio companies to quickly remediate any issues and overcome any cyber attack financial impacts,” says James Tamblin, vice chairman, strategic development at BlueVoyant. “Without proper cyber risk management, these companies can face costly repercussions, especially if improvements in IT hygiene are not made.”
To maintain cyber vigilance within private equity firms, BlueVoyant recommends proactively working within portfolio companies to reduce cybersecurity risk and avoid the costs associated with breaches. Working with portfolio companies to improve IT management practices to current standards is key, as well as establishing a prioritized risk reduction program, and continually assess for any weaknesses in their real-time risk posture.
BlueVoyant’s study used digital “footprints,” the mapping of an organization’s external-facing network assets, registered IP addresses, and internet hosting presence in order to gain comprehensive visibility into any given organization’s attack surface using a combination of artificial intelligence and machine learning. The full research report, "Private Equity: A Look at Portfolio Company Cyber Risk," is available online here.
BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant’s approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.
BlueVoyant Press Contact