Cyber security is a source of value creation that remains largely untapped for many private equity funds. Our team has extensive experience working with value creation teams to release the maximum value across a range of portfolios.
Thomas Murray partners with Operations Partners and Value Creation teams to continuously monitor cyber threats across their portfolios, while engaging with portfolio companies to identify and mitigate specific risks. Our experience has shown that continuous engagement with portfolio companies on cyber security is the best way of generating value within the organisation and protecting wider value creation activities.
We provide pragmatic, practical and proportionate advice to give teams confidence in the activities undertaken across their investments.

Continuous Monitoring
Our Orbit Security platform and Dark Web Monitoring tools provide continuous monitoring of a company’s public cyber security posture, enabling it to respond to threats before they are exploited.
- 0–1000 weekly cyber ratings, long-term trend analysis, and benchmarking against sector peers
- Actionable reports highlighting the highest-risk vulnerabilities
- Dark Web Monitoring (DWM)
Cyber Risk Assessment
External monitoring can be complemented with periodic deeper-dives to assess portfolio companies’ IT and cyber governance, people, controls, and infrastructure.
- Assessments aligned with the portfolio company’s chosen standard, e.g. NIST
- Carried out by experienced professionals, not juniors
- Actionable, concise findings designed to help portfolio companies strengthen their cyber security


PortCo Engagement
Thomas Murray can work with a portfolio company’s Risk and InfoSec teams to help test and improve their cyber security.
- Tabletop exercises: training, testing and validating an organisation’s ability to respond to threats
- Testing: penetration testing, red/purple teaming, phishing simulations
- Consulting: virtual CISO support, risk and compliance assessments
- Monitoring: internal monitoring tools to detect unusual behaviour, e.g. EDR and MDR
24/7 Incident Response
Automated, external monitoring of companies to detect breaches, vulnerabilities, and misconfigurations that could be exploited by threat actors.
- 0–1000 ratings
- Long-term trend analysis
- Benchmarking against sector peers

Have any questions?
Our experts


Insights

JLR Cyber Attack: What it Means for Private Equity, Credit, and Equity Investments
From the iconic E-Type Jaguar to images of the late Queen driving modern Range Rovers on her estate, JLR has long held a uniquely British place in the national consciousness, even under Tata ownership. The incident has affected the owners of the business, the supply chain, and customers, and offers learnings for the Private Equity (PE) industry.

Impact of Cyber and Operational Resilience on Private Equity and Their Portfolio Companies
Implementing cyber and operational resilience measures is a strategic imperative for PE firms and their PortCos, enabling them to reduce the impact of cyber risks on asset valuations.

Cyber Security Checklist for Private Equity
10 essential steps to improve cyber security, protect portfolio investments, and maximise exit value.

How Private Equity Leaders Turn Cyber Security Investment into Competitive Advantage
Leading firms are discovering something counterintuitive: investing in cyber security creates advantages worth far more than just protection.