
The Interplay of Investment and Cybersecurity: A Due Diligence Exploration

Investment and Cyber Security

When assessing a scale-up firm, we imagine (and hope for) robust technology, impenetrable security, and digital product mastery. Yet, as our tech due diligence reveals, there are often unforeseen narratives beneath the surface.

Investment and Cybersecurity: More Connected Than Ever

The connection between business success and its digital weaknesses is inextricable. It’s not just about the business’s direct profitability but the sustainability of that profit in an increasingly digital realm.

Below are some informal/internal notes of a previous cyber-security assessment. I hope sharing these will give you an understanding of severity without veering into technical jargon.

In addition to platform security, we tend to find many firms have weak measures protecting their internal IT. As per this FT article, employees’ logins were ‘hacked and traded’ on cybercriminal forums for firms like Wells Fargo, WPP, Experian, Diageo, Wayfair, Epic Games and Adobe.

Hence, IT leaders at portfolio firms must protect the platforms they create and the internal IT systems simultaneously. Yet, it is rare that we meet teams that are good at both.

An outside-in cyber assessment

The results below are from a firm’s ‘Outside In’ assessment. I’ve used the engineer’s informal notes instead of a polished report.

What is an outside-in cyber assessment?

This is a service where we check the cyber security defences and general information about the firm as if we were a nefarious attacker. Note that we utilise publicly available material and do not attempt to ‘test’ (or hack) the systems.

This information helps buyers understand how the firm looks from an attacker’s perspective:

Overall: Developed by someone who thinks the world is a safe place.

This is a jovial/throwaway comment, but the sentiment is serious. If the development team realised how advanced attackers are, they would invest to protect their business.

In the report, it appears the masterminds of this system were not up to date with today’s cyber risks.

  • Minimal indication the business has focused on cyber: Their compass for modern InfoSec hints at a disconnect with the current cybersecurity landscape.
  • Unaware of how vulnerable they are: Collecting vulnerabilities, leaving an opening for cyber attackers.
  • Old perspective on cyber: Their tech perspective is charming but perhaps out of place in today’s fast-paced digital world.
  • Ports to their database and APIs are open: An open-door policy that might be too generous.
  • Critical IP exposed to the Internet: A treasure exposed, beckoning risks that are too great to ignore.

Overall, he gave them a grade of C+ for their InfoSec stance: a sign of potential, but a clear indication that there’s a risky road ahead without some work.

Investment and Cybersecurity: Deciphering the Implications

Whilst these are light-hearted observations, the underlying seriousness cannot be overstated. Investment and cybersecurity are closely intertwined. When a firm’s IP stands exposed, it’s not just a technical glitch but a significant investment risk.

For the discerning investor, it’s essential to understand that cybersecurity isn’t just a tech challenge; it directly influences a business’s valuation, growth potential, and long-term viability. As digital threats evolve, the financial and reputational costs of breaches can be monumental.

Final Thoughts for Investors

Joking aside, one thing is clear – robust digital defences are as crucial as a healthy balance sheet. It’s not just about immediate profits but ensuring those profits can withstand the myriad challenges of the digital age.

In the investment landscape, consider cybersecurity not merely as a checkbox but as a cornerstone of sustainable growth. 🌐🔐📈

Hutton Henry
Hutton has worked with Private Equity Portfolio firms and Private Equity funds since 2015. Having previously worked in post-merger integration for large firms such as Ford and HP, Hutton understands the value of finding issues prior to M&A deals. He is currently the founder of Beyond M&A and provides technology due diligence for VC, PE and corporate investors, so they understand their technology risks before entering into a deal.
