Trusted by leading financial institutions
$8 Trillion
AUM Protected
Safeguarding banks’ and investors’ global assets for over 30 years, with continuous monitoring of operational and cyber risks.
14
Years’ Average Tenure
The average length of partnership with Thomas Murray’s top 10 clients.
100+
Countries Covered
Monitoring invested assets across approximately 110 markets worldwide.
Actionable analysis at scale
Thomas Murray provides UK-based cyber security support for private equity firms, with a focus on value creation, governance and compliance. We are your cyber value and assurance partner – turning risk into action that protects portfolio value and drives returns.
Value creation
We partner with you to provide actionable cyber and IT interventions which genuinely protect and enhance enterprise value.
- M&A pre-deal cyber risk monitoring
- Cyber due diligence – rapid and actionable
- Ongoing PortCo monitoring and improvement
- 24/7 incident response (inc. legal and reputational)
Governance and compliance
We are an extension of your middle office, providing evidence for boards, LPs and regulators that cyber risk is actively under control.
- Compliance with NIST, NIS2, DORA, GDPR etc.
- Point-in-time and ongoing risk assessments, quantified
- Trends and benchmarks over time
- Concise, actionable reporting, demonstrating control
Shareholder value protected at every stage of the investment cycle
Pre-Deal Monitoring
A typical mid-cap PE fund might be tracking up to 100 potential acquisition targets at once. Monitoring them early allows you to track a company’s long-term cyber security trends, and to identify critical issues which could impact a deal (e.g. database compromise). Thomas Murray’s Orbit Security platform provides non-intrusive, continuous monitoring, without alerting the target company.
- External Attack Surface Monitoring
- Dark and Deep Web Monitoring
M&A Due Diligence
Deal teams often run 7–10 workstreams at once, with cyber typically left until late in the process. Our workflows deliver rapid, effective cyber due diligence to uncover risks that could impact valuation, warranties, or deal structure. Through threat modelling and organisational value analysis, we provide fast assessments with actionable recommendations. Thomas Murray integrates seamlessly into your broader M&A due diligence, covering:
- Supporting IP
- Regulatory, Governance & Compliance
- Data Protection
- Information Security
- Commercial Due Diligence
Business as Usual: Value Creation across the Portfolio
Thomas Murray partners with Operations Partners and Value Creation teams to continuously monitor cyber threats across their portfolios, as well as engaging with PortCos to identify and mitigate specific risks.
- Continuous Monitoring (external)
- Cyber Risk Assessment (internal)
- PortCo Engagement (improving)
- 24/7 Incident Response (responding)
First and Final 100 Days
Whether you are making or realising an investment, during the first 100 days after the announcement of an acquisition you should be hyper-alert to the risk of cyber attack. Sophisticated threat actors can exploit weaknesses exposed during an M&A process, including sensitive data exchange during due diligence, integrating IT systems, and disruption to workflows and employees.
- Preparing PortCo for Exit
- Continuous breach monitoring
Support available at every stage: 24/7 Incident Response
Thomas Murray’s incident response team is trained to respond quickly and efficiently to incidents and help your businesses get back on track.
24/7 Expert Support
Crisis Management
Incident Recovery
Crisis Simulations
Why cyber matters: the Private Equity blind spot
Cyber incidents are value events
Ransomware, breaches and data exposure can trigger sudden value destruction - just like revenue loss or regulatory fines. A breach pre-exit can delay or derail a deal, and a cyber incident in a portfolio company can be a huge distraction and reputational issue for the fund.
Cyber risk is M&A risk
LPs and Regulators are watching. Institutional investors are increasingly asking investors about ESG and cyber governance as part of ODD, and regulations are starting to name private equity explicitly.
Cyber resilience = fiduciary responsibility
Portfolio companies often share vendors, cloud infrastructure and managed services; interconnected supply chains multiply risk, with a breach in one company spreading across shared environments.
Cyber intelligence is a strategic advantage
Firms that monitor cyber posture across their portfolio can act early, avoid loss and increase exit multiples. Cyber due diligence can also add leverage during acquisitions, especially in tech and regulated sectors.
Cyber insurance is not a strategy
Cyber insurance markets have been softening, but high-profile cases like M&S show that insurance is not an adequate substitute for resilience.
Our Accreditations
Contact us
Insights
Why Cybersecurity Due Diligence is Critical to Deal Completion
It’s a common story: after months of meticulous financial, operational, and market analysis, a critical finding emerges in the final weeks before deal closure – threatening what seemed like a near-certain transaction with a three-month delay.
JLR Cyber Attack: What it Means for Private Equity, Credit, and Equity Investments
From the iconic E-Type Jaguar to images of the late Queen driving modern Range Rovers on her estate, JLR has long held a uniquely British place in the national consciousness, even under Tata ownership. The incident has affected the owners of the business, the supply chain, and customers, and offers learnings for the Private Equity (PE) industry.
Impact of Cyber and Operational Resilience on Private Equity and Their Portfolio Companies
Implementing cyber and operational resilience measures is a strategic imperative for PE firms and their PortCos, enabling them to reduce the impact of cyber risks on asset valuations.
Cyber Security Checklist for Private Equity
10 essential steps to improve cyber security, protect portfolio investments, and maximise exit value.