Skip to main content

Cyber security is a source of value creation that remains largely untapped for many private equity funds. Our team has extensive experience working with value creation teams to release the maximum value across a range of portfolios.

Thomas Murray partners with Operations Partners and Value Creation teams to continuously monitor cyber threats across their portfolios, while engaging with portfolio companies to identify and mitigate specific risks. Our experience has shown that continuous engagement with portfolio companies on cyber security is the best way of generating value within the organisation and protecting wider value creation activities.

We provide pragmatic, practical and proportionate advice to give teams confidence in the activities undertaken across their investments.

Continuous Monitoring

Continuous Monitoring

Our Orbit Security platform and Dark Web Monitoring tools provide continuous monitoring of a company’s public cyber security posture, enabling it to respond to threats before they are exploited.

  • 0–1000 weekly cyber ratings, long-term trend analysis, and benchmarking against sector peers
  • Actionable reports highlighting the highest-risk vulnerabilities
  • Dark Web Monitoring (DWM)

Cyber Risk Assessment

External monitoring can be complemented with periodic deeper-dives to assess portfolio companies’ IT and cyber governance, people, controls, and infrastructure.

  • Assessments aligned with the portfolio company’s chosen standard, e.g. NIST
  • Carried out by experienced professionals, not juniors
  • Actionable, concise findings designed to help portfolio companies strengthen their cyber security
Cyber Risk Assessment
PortCo Engagement

PortCo Engagement

Thomas Murray can work with a portfolio company’s Risk and InfoSec teams to help test and improve their cyber security.

  • Tabletop exercises: training, testing and validating an organisation’s ability to respond to threats
  • Testing: penetration testing, red/purple teaming, phishing simulations
  • Consulting: virtual CISO support, risk and compliance assessments
  • Monitoring: internal monitoring tools to detect unusual behaviour, e.g. EDR and MDR

24/7 Incident Response

Automated, external monitoring of companies to detect breaches, vulnerabilities, and misconfigurations that could be exploited by threat actors.

  • 0–1000 ratings
  • Long-term trend analysis
  • Benchmarking against sector peers
24/7 Incident Response

Have any questions?

Our experts

Roland Thomas

Roland Thomas

Associate Director

Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk