Cyber security from a private equity perspective

Investing in cyber

Cyber security is a universal concern in the financial sector. As threats and attacks know no boundaries, firms are increasingly focused on approaches to mitigate, protect, and manage cyber risks. And private equity firms are also eyeing opportunities.

At a recent Private Equity event in Paris, hosted by RBC Investor & Treasury Services (RBC I&TS) in partnership with Olivier Younès, Founding CEO at EXPEN, panelists discussed the current cyber environment and response strategies. 

Investors look to leverage investment potential

Increased awareness and spending on cyber security has resulted in private equity investors exploring the sector for investment opportunities. Bertrand Folliet, Managing Partner at Entrepreneur Venture, is aware of several funds that became more actively engaged in establishing a more robust cyber mitigation program after experiencing cyber fraud attempts. From a private equity perspective, that interest is then being converted to identifying investments in the fintech sector with firms that focus on cyber security.

Managing against cyber threats

While not all companies are faced with daily cyber attacks, there is a widespread understanding of the value and importance of adopting measures to help protect against cyber risk. “Most firms today acknowledge that it is no longer a question of ‘if’ an attack will occur, but ‘when’, says Julie Zanon, Head of Information Technology (IT) for RBC I&TS in France. “The risks are multiplying and can include financial fraud and data theft, and potential reputational risk,” she notes.   

“It can be hard to recover from an attack, including the reputational impact, which could also result in a loss of clients. In such a competitive business environment, that is certainly an outcome most would want to avoid,” says Sébastien Faivre, founding CEO of cyber risk detection software company Brainwave. To mitigate against these undesirable consequences, companies in all sectors are taking action.

Human resources play a key role

“Cyber security is a corporate governance matter,” says Pierre Meignen, Managing Director and Member of Eurazeo PME Executive Board. “It has to be visibly supported by the company’s top management to be taken seriously by employees.” This approach, however, is not yet firmly imbedded. According to a study conducted in February 2019 by Deloitte1 with IT managers across 850 companies, only 25 percent of companies have their security team directly tied to the executive committee. According to Philippe Legrand, Managing Director at RBC I&TS in France, this highlights the need for a focused multi-pronged approach. “Cyber security is a vast and evolving domain, which includes both technological challenges as well as human ones,” he says.

The risks are multiplying and can include financial fraud and data theft, and potential reputational risk

Cyber criminals use the potential for human error as a point of attack and are employing increasingly sophisticated methods to gain entry. To address this threat, many firms, including RBC, are establishing robust training programs that include phishing simulation tests throughout the year to educate employees and raise awareness about cyber risks. “The purpose of these tests is to make sure everyone is engaged and has a clear understanding of their role in helping to prevent and thwart cyber threats,” says RBC I&TS’ Zanon.

New business models emerge

IT and risk departments are now working more collaboratively and the chief information security officer (CISO) role is becoming prevalent across all industry sectors. In response to the rising sophistication of fraudsters, cyber security solutions have also become more advanced, thanks to technologies such as artificial intelligence (AI). For this reason the search for talent is even more critical. “Recruitment and training of qualified personnel is a strategic imperative, and it is challenging,” says Folliet.

In response to the rising
sophistication of fraudsters,
cyber security solutions
have also become
more advanced

According to figures released by the Ponemon Institute, 62 percent of heads of IT and CISOs say that neither automation nor AI will reduce their need for qualified personnel2. It is incumbent on firms to work to ensure that the relevant resources and internal training programs are in place to act as a strong defence against cyber threats. Widely published data breaches should not be the trigger for change.

The existence of a solid plan can potentially influence investment activities. “Today, IT and cyber audits are systematically conducted when we are considering an investment, along with strategic, legal, and financial audits,” says Meignen.

Faivre also sees opportunity. From a business perspective, he notes, “If some obstacles remain, our solutions to overcome these challenges help us become a more desirable investment.”

You may also like