Cyber security is a source of value creation that remains largely untapped for many private equity funds. Our team has extensive experience working with value creation teams to release the maximum value across a range of portfolios.
Thomas Murray partners with Operations Partners and Value Creation teams to continuously monitor cyber threats across their portfolios, while engaging with portfolio companies to identify and mitigate specific risks. Our experience has shown that continuous engagement with portfolio companies on cyber security is the best way of generating value within the organisation and protecting wider value creation activities.
We provide pragmatic, practical and proportionate advice to give teams confidence in the activities undertaken across their investments.
Continuous Monitoring
Our Orbit Security platform and Dark Web Monitoring tools provide continuous monitoring of a company’s public cyber security posture, enabling it to respond to threats before they are exploited.
- 0–1000 weekly cyber ratings, long-term trend analysis, and benchmarking against sector peers
- Actionable reports highlighting the highest-risk vulnerabilities
- Dark Web Monitoring (DWM)
Cyber Risk Assessment
External monitoring can be complemented with periodic deeper-dives to assess portfolio companies’ IT and cyber governance, people, controls, and infrastructure.
- Assessments aligned with the portfolio company’s chosen standard, e.g. NIST
- Carried out by experienced professionals, not juniors
- Actionable, concise findings designed to help portfolio companies strengthen their cyber security
PortCo Engagement
Thomas Murray can work with a portfolio company’s Risk and InfoSec teams to help test and improve their cyber security.
- Tabletop exercises: training, testing and validating an organisation’s ability to respond to threats
- Testing: penetration testing, red/purple teaming, phishing simulations
- Consulting: virtual CISO support, risk and compliance assessments
- Monitoring: internal monitoring tools to detect unusual behaviour, e.g. EDR and MDR
24/7 Incident Response
Automated, external monitoring of companies to detect breaches, vulnerabilities, and misconfigurations that could be exploited by threat actors.
- 0–1000 ratings
- Long-term trend analysis
- Benchmarking against sector peers
Cybersecurity Checklist for Private Equity
For private equity partners and portfolio managers focused on value creation, understanding and mitigating cyber security risk is critical. This 10-step checklist demonstrates how to identify and quantify cyber risk at both portfolio and company levels—turning an intangible threat into measurable financial value.
Contact us
Our experts
Insights
5 Key Takeaways from a Deal Hacker: What PE Firms Should Look for When Doing Cyber Deal Due Diligence
Are your private equity deals safe from cybercriminals? The answer is very much ‘no’. Deals are being compromised, money is being lost, and reputations are being affected.
Why Cybersecurity Due Diligence is Critical to Deal Completion
It’s a common story: after months of meticulous financial, operational, and market analysis, a critical finding emerges in the final weeks before deal closure – threatening what seemed like a near-certain transaction with a three-month delay.
JLR Cyber Attack: What it Means for Private Equity, Credit, and Equity Investments
From the iconic E-Type Jaguar to images of the late Queen driving modern Range Rovers on her estate, JLR has long held a uniquely British place in the national consciousness, even under Tata ownership. The incident has affected the owners of the business, the supply chain, and customers, and offers learnings for the Private Equity (PE) industry.
Impact of Cyber and Operational Resilience on Private Equity and Their Portfolio Companies
Implementing cyber and operational resilience measures is a strategic imperative for PE firms and their PortCos, enabling them to reduce the impact of cyber risks on asset valuations.