Skip to main content

Protecting Portfolio Companies from Cyber Criminals

As an alternative asset manager, you're aware of the growing cyber security threats that can compromise your investments and reputation. With limited partners and regulators increasingly expecting robust cyber protection, cyber security has evolved from a back-office concern to a front-office priority, requiring attention and expertise from all levels of the organization. Regardless of size or resources, it's essential for firms to prioritise cyber security and invest in the necessary measures to safeguard their operations, protect their assets, and maintain the trust of their stakeholders.

Thomas Murray is dedicated to helping alternative asset managers like you strengthen their cyber defences. Our expert team partners with general partners to develop tailored cyber risk programs, vigilant threat monitoring, and rapid incident response. We begin with a meticulous, data-driven assessment of your portfolio, providing a clear roadmap for enhancing your cyber security and mitigating potential risks. 

The Threat Landscape

Private Equity firms face a unique set of cyber threats that can compromise their investments, reputation, and sensitive data. These threats include: 

Ransomware attacks

Ransomware Attacks

Ransomware attacks

Malicious software that encrypts data, demanding payment, and posing a significant risk to portfolio companies' operations

11

Data Breaches

11

Unauthorised access to sensitive data, including financial information and intellectual property, which can be exploited for financial gain

11

State-sponsored Attacks

11

Sophisticated threats from nation-state actors, targeting Private Equity firms and portfolio companies to disrupt operations or steal sensitive information

11

Weak Infrastructure and Third-party Breaches

11

Vulnerabilities in systems and suppliers that can provide an entry point for cyber attacks, compromising portfolio company security

Phishing and Social Engineering

Phishing and Social Engineering

Phishing and Social Engineering

Targeted attacks on employees, which can lead to unauthorised access to systems and data, compromising portfolio company security

Get Started with a Portfolio Cyber Healthcheck

pe

Our comprehensive Portfolio Cyber Healthcheck is a rapid, cost-effective way to identify the current cyber security posture of your portfolio companies. This assessment combines cutting-edge technology, expert insight, and an efficient managed service with our unparalleled industry data. What to expect:

Within 2-4 weeks, your Portfolio Cyber Healthcheck will include: 

  • A summary report with a Red, Amber, Green (RAG) assessment of each of your portfolio companies, benchmarked against its industry peers 
  • A tailored report for each portfolio company, summarising its cyber security posture with a list of recommended remediations in priority order 
  • A debrief with our experts to present the findings, answer questions, and recommend next steps
  • Ongoing access to our Orbit Security platform for three months, monitoring the external cyber security posture of your portfolio companies 

Discover more about how our Portfolio Cyber Healthcheck works and the benefits it can offer your firm here.

Key features of our Portfolio Cyber Healthcheck

Tick box

Internal Critical Controls

The Cyber Healthcheck's internal critical controls assess key security measures in each portfolio company. A short questionnaire evaluates protections, ensuring a minimum baseline of security and identifying potential vulnerabilities.

Tick box

Perimeter External Security

The perimeter external security assessment evaluates each portfolio company's internet exposure, simulating a hacker's view. AI-powered technology provides a 0-1000 risk rating, helping identify entry points and prioritize risks.

Tick box

External Threat Context

The external threat context assessment evaluates the likelihood of each portfolio company being targeted by cyber criminals. It considers industry and country targeting, recommending mitigations to help firms prioritize risk mitigation efforts.

Why Thomas Murray? 

Thomas Murray provides operational due diligence (ODD) and cyber security solutions for asset owners and asset managers. Since 1994, we have worked with sovereign wealth funds, pension funds and other allocators to reduce their operational risk exposure; today, we support alternative managers to meets limited partners’ and regulators’ requirements by improving their cyber security posture & monitoring their portfolio companies. Our expertise is trusted by top global firms within Financial Services sector.

Not sure yet? Explore our Private Equity free resources

PE

The Private Equity Guide to Cybersecurity eBook

This guide is an introduction to cybersecurity for private equity firms that have a general awareness of the risks, but want a clearer idea of how to address them. It discusses the current threats to private equity houses and their portfolios, the regulatory landscape, and some of the key steps to developing the basis of an effective cybersecurity strategy now and for the years ahead.

Download eBook

Free assesment

Get a Free Cyber Risk Mini-Assessment 

Our mini-assessment helps private equity firms identify cyber risks across up to five of their portfolios. It combines attack surface scans, inherent risk scoring, and a concise report highlighting key vulnerabilities, threat context, and clear next steps. The report offers practical and actionable insights to help reduce exposure and protect portfolio companies.

Get free mini-assessment

have any bg image

Have any questions?

Our Private Equity Specialists

Stephen Merry

Stephen Merry

Managing Director | Funds

Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk