Cybersecurity Diligence is Financial Diligence
By treating cybersecurity diligence as an element of financial diligence, private equity firms can quickly gain a competitive advantage over slower movers and recognize the gains within the lifecycle of upcoming investments.
As more investors are coming to learn through firsthand experience, cybersecurity posture, even at small companies with limited sensitive assets, can represent a material change to the financial thesis they calculate prior to closing a transaction. With roughly 65% of private equity investments coming in at $50 million or less, and the average cost of recovering from a breach in the SMB sector at about $150,000, the numbers add up quickly, and scale as would be expected with company size and complexity.
Even if the worst-case scenario doesn’t hit an investment, with 3-7 year hold times for many private equity firms, it is nearly certain that by the time an acquisition is ready to be positioned for an exit, prospective purchasers will be more mature cybersecurity evaluators than they are today. Even at the smallest companies, a solid baseline focus on cybersecurity, potentially including investments in technology, staff, or outsourced managed service providers, is likely to generate returns much the way other areas of differentiation, like operating efficiency and a fluid go-to-market motion, do today.
This evolution in the market creates a great opportunity. For minimal time and expense, investors can not only properly evaluate an acquisition if red flags are discovered, but also gain actionable insights into a company’s cybersecurity posture. In 2020, and even more so by 2025, cybersecurity maturity has a direct monetary value, and for firms that are early movers, the returns will be high.