PE firms need to protect against data breaches

28 June 2017

Christopher Calicott, Trammel Venture Partners, cybersecurity, private equity — Shot of a young gamer focused on his game - this is an alternative version to iStock file 43952150 - ALL screen content on this image is created from scratch by Yuri Arcurs' team of professionals for this particular photo shoothttp://195.154.178.81/DATA/i_collage/pi/shoots/783867.jpg. Photo courtesy Yuri_Arcurs/Digital Vision/Getty Images

“Petya” cyber attack creates havoc in Europe
60 pct of small firms that suffer data breach go out of business
PE firms have duty of care to protect sensitive portfolio-company data

All companies, including private equity firms, should do a better job of protecting their data, according to panelists at PartnerConnect Midwest.

PE firms are at increased risk for cyber attacks because of the information they store, said Christopher Calicott, a managing director with Trammel Venture Partners. PE firms and hedge funds aggregate “all sorts of information about their investors, portfolio companies and their IP,” said Calicott, who spoke on the panel “Cybersecurity: Are Your Portfolio Companies at Risk, and Steps You Can Take Now to Address It.”

Because they hold board positions, PE firms have a duty of care to protect “all sensitive portfolio-company data,” he said.

The importance of data protection emerged this week as the latest cyber attack wreaked havoc in Europe. Dubbed “Petya,” the attack used a ransomware worm to target Ukrainian banks and airports, along with Rosnet, the Russian state-owned oil giant, the British advertising company WPP, and Merck, the U.S. pharmaceutical giant, Business Insider reported.

Consequences of a data breach can be dire for companies, panelists said. Some 60 percent of small companies that suffer data breaches go out of business, said Adam Levin, chairman and founder of Cyberscout. Loss of data could lead to class-action lawsuits, regulatory scrutiny, loss of key clients and the destruction of a company/firm brand, Levin said.

PE firms must have plans to help stave off attacks, Levin said. But they also should think beyond checklists. “Today, it’s impossible to prevent the problem [of hackers]. All you need is one person who clicks on one link,” Levin said.

Calicott said PE firms should understand “what is their source of strength, what is the high likelihood [that their] crown jewels will be attacked and how to protect them,” he said. “They have to be self-aware and do a self-analysis.”

Asked whether password managers were effective, Chad Allan Neale, managing director of cybersecurity and compliance at ACA Aponix, said “some are very good. Some have been breached.” Both Neale and Levin spoke on the cybersecurity panel.

Trammel’s Calicott said transferring sensitive information in an unencrypted email is a mistake. “You should never use email to transfer sensitive information, be it from a portfolio company or your firm, unless it’s encrypted,” he said.

Action Item: Contact Christopher Calicott at Christopher@tvp.fund

Photo courtesy Yuri_Arcurs/Digital Vision/Getty Images

Get limited access to our industry news, analysis and data, plus regular email updates

Email address

First name

first name

Last name

last name

Organisation

Country Phone number Job title

Job Title

To register, please review and accept our terms and conditions and privacy notice. I accept: sourceRegistration

Nearly there!

Register now

Login

Sign in to your account

Nearly there!

We have just sent you an email so you can verify your account. Please check your spam or junk folder just in case it’s been delivered there.