Is Cybersecurity the New Due Diligence?

For private equity investors, cybersecurity is quickly becoming a significant part of the portfolio company acquisition process.

Not only must firms ensure the protection of customer data and sensitive, proprietary company information, but neglecting the threat of a data breach can also run afoul of several federal agencies.

A new report from Privcap suggests cybersecurity could be “the new due diligence” when it comes to big deals.

“Many firms mistakenly think they are not targets for cyberattacks, but what they need to know is that hackers are opportunists,” explains Daimon Geopfert, who works in risk advisory services for McGladrey. “They may not be out looking for you or even know who you are when they breach your systems.”

The best way fora company to protect itself from a breach is to guarantee that a data-protection strategy is in place, says Darren Guccione, CEO of Keeper Security, a provider that helps clients password-protect sensitive data files. The strategy is to ensure that all sensitive data is encrypted and that proper controls are in place to permit access to that data. The policy is consistently tested and audited for effectiveness in preventing data loss from both external and internal threats, Guccione adds.

Caution is key, and an attention to detail matters.

“If there’s an opening, [hackers] will exploit it, and then figure out later what to do with the data they’ve stolen,” warns Geopfert. “There’s always a buyer.”