Targeted assessment of cyber risks: How you can increase the value of your portfolio companies

Private equity companies know this: The value of a company does not only depend on turnover and market position - cyber security also plays a decisive role. Cyber attacks such as ransomware attacks or social engineering can severely affect companies in the investment portfolio and, in the worst case, lead to insolvency. It is therefore essential to make cyber security an integral part of the investment strategy.

Cyber Risk Quantification (CRQ) provides you with a sound basis for not only recognising risks, but also assessing them financially. This allows you to make targeted investments, minimise risks and sustainably increase the enterprise value of your portfolio companies (PortCos).

The focus is on two tried-and-tested methods that can be flexibly combined:

• CRQ analyses typical attack scenarios and calculates their potential financial impact. Internal factors such as the defence capabilities of your PortCo are taken into account, as are external data sources – for example from the darknet or insurers. The results help you to prioritise investments according to the cost-benefit ratio and determine the right level of cyber insurance.
• In addition, a Cyber Maturity Assessment (CMA) can be used to evaluate risks not only quantitatively but also qualitatively. CMA assesses the maturity level of your PortCo's cyber security. The results help you to plan the implementation of best practices and facilitate preparation for regulatory requirements such as NIS-2 or ISO 27001.

Abbildung 1: ENISA (European Union Agency for cyber security), THREAT LANDSCAPE 2024

Use CRQ and CMA in a targeted manner along the investment cycle.

Before the deal: Identify cyber risks at an early stage, negotiate purchase price adjustments and secure guarantees.

During the holding phase: Compare your PortCos based on KPIs, optimise security measures and reduce insurance costs.

On exit: Increase company value through documented security maturity and fulfil regulatory requirements.

The benefits mentioned above can also be substantiated with concrete figures - a practical example shows how targeted investments can have a direct impact on a company's risk and value profile.

A customer success story shows that a PortCo was able to reduce its potential cyber value at risk from €15 million to €8 million per year – through a targeted one-off investment of €750,000. This shows: With CRQ, you not only create security, but real added value.

As your partner, we support you in translating the findings from the methods described above into a resilient security strategy. With our industry-specific approaches and in-depth experience in the private equity environment, we support you in making your investments more resilient in a targeted manner – technologically up-to-date, regulatory compliant and strategically future-proof.