Whether making or realising an investment, the first 100 days following the announcement of an acquisition require heightened vigilance to cyber risk. Sophisticated threat actors can exploit weaknesses exposed during the M&A process, including the exchange of sensitive data during due diligence, the integration of IT systems, and disruption to workflows and employees.
Preparing PortCo for Exit
Intellectual Property
Identifying key IP within a business, understanding ownership, reviewing rights agreements, and implementing appropriate protections.
Data Protection
Conducting data protection audits and reviewing policies and procedures.
Warranties and Covenants
Clearly defining responsibility for past and future cyber events, and ensuring these obligations are not breached.
Continuous Breach Monitoring
Target / Portfolio Company
- Data leaks, credential exposure and ransomware chatter
- New vulnerabilities in exposed systems
- Publicly disclosed breaches that could affect valuation
Critical Suppliers and Technology Vendors
- Cloud and SaaS Providers
- Outsourced IT Providers
- Managed Service Providers (MSPs)
Regulatory / Compliance Triggers
- Monitor for fines, investigations or regulatory actions against the target, including GDPR, SEC and FCA matters
Other Stakeholders
- Advisors (lawyers, bankers)
- Other Portfolio Companies (where infrastructure is shared)
Find out more
Our experts
Insights
AI Has Moved the Asset Safety Goalposts
The AI threat era has changed the meaning of asset safety for financial institutions.
The Hidden Risk of Private Credit
With the private credit boom set to continue in 2026, funds should view cybersecurity as a key liquidity risk.
Claude-Alt-Delete: Three Big AI Security Lessons for Private Equity
In a world where AI use is proliferating, PE firms need to move fast to not get left behind.
Is a Quantum Shift in Thinking Required for Private Equity?
The past year has seen big technology stories, themes and events that offer real learnings for private equity.