Key takeaways

In 2026, private equity technical teams are facing a "Scale Paradox": portfolios are growing in complexity, while in the internal teams responsible for operations and cybersecurity oversight, headcounts remain stagnant. 

To bridge this gap, CTOs are moving away from manual "point-in-time" audits toward automated attack surface management. By utilising Thomas Murray’s Orbit Security technology, a lean team of one can oversee 50+ Portfolio Companies (PortCos) through automated ML-driven footprint discovery and real-time "Red Flag" alerting. 

Industry data suggests that firms using automated risk orchestration reduce their mean time to remediate (MTTR) significantly compared to those using manual spreadsheets.

Eliminating the "Visibility Blackout"

One of the most dangerous periods for a CTO is the "holding phase," where PortCo security naturally drifts. Growth and expansion is a priority. New developers spin up cloud instances, legacy ports are accidentally left open, bolt on acquisitions dramatically increase the technology landscape, and MFA is disabled for "convenience”.

Thomas Murray’s portfolio-wide monitoring acts as a continuous, non-intrusive scan, replicating attacker behaviour. Our Orbit Security technology scans the entire external attack surface, identifying:

  • Infrastructure breaches: Detecting malware communication or unauthorised port scanning. 

  • Server misconfigurations: Spotting legacy software and vulnerable HTTP/HTTPS headers before "deal hackers" do.

  • Credential leaks: Continuous monitoring of the Deep and Dark Web for leaked PortCo emails and passwords.

The "managed" advantage: analysis over alerts

Technical teams don't need more alerts, they need answers. Most automated tools generate "false positive fatigue," focusing on generating alerts not contextualised risks signals with recommended actions.

At Thomas Murray, our Orbit platform is backed by a Managed Service layer. When a PortCo’s score drops, our UK-based analysts investigate the cause. We provide a monthly portfolio cyber health check which converts raw telemetry into a prioritised RAG (Red, Amber, Green) report. This ensures a small team isn't wasting time on low risk "noise" and is instead focused on the 5% of issues that could impact the fund’s IRR. We translate data into actionable intelligence.

Regulatory readiness: DORA and SEC compliance

As of January 2025, the SEC’s Regulation S-P amendments and the EU’s DORA have made continuous monitoring a legal mandate. For a CTO, proving "continuous oversight" to a regulator is a massive administrative burden.

Orbit Security provides an automated KRI (Key Risk Indicator) report for every company in your portfolio. This isn't just a technical log, it’s a board-ready document that satisfies the 2025 ILPA QRSI standards and proves to LPs that your fund has "digital certainty." This reporting provides a way of directly comparing organisations with one another and prioritising the limited time that leaders have.

From 100 days to exit

Whether you’re in the first or final 100 days of an acquisition or preparing for a high-multiple exit, Orbit Security provides the data-trail. By documenting the remediation of "latent" liabilities discovered during mergers and acquisitions due diligence, you turn the tech team into a proven value-driver. Such efforts transform isolated events into a value creation narrative that supports investment theses, and in doing so acts as a multiplying mechanism for stable and long term growth.

Can your current team monitor 100 target companies without adding headcount?

Cyber Risk

Cybersecurity for Private Equity

Cyber attacks are becoming more intelligent than ever and private equity firms require security partners who understand the complete investment lifecycle and can protect business value. Our experience working with 8 of the 10 largest Private Equity funds by AUM positions us as a trusted advisor delivering strategic cybersecurity services across portfolio companies and investment stages.

Learn more