The Financial Times notes that the ‘time’ element in Private Equity investing brings challenges when implementing Digital Transformations at portfolio companies, as they rush to implement changes that deliver material results as quickly as possible. They note that in the case of companies that are not traditionally ‘digital’—which effective digital transformation can often bring particularly large financial gains to—this type of quick transformation can be difficult due to the significant companywide cultural and operational changes necessary.
The Private Equity business model is based on a combination of operational improvements of portfolio companies, financial engineering and being able to exit portfolio investments on a relatively consistent schedule. Private Equity managers have traditionally focused on the growth and de-risking of their portfolio companies in several different areas such as revenue, market and product to achieve their target exit valuations and portfolio returns.
But as we discussed in our July 2020 ‘Cyberhedge Alert’ on FTSE-100-listed Melrose (which is essentially a publicly listed private equity firm), the threat of a cybersecurity breach has rapidly become one of the largest risks that must be managed by private equity firms. This is due to the ability of a cyber breach to materially change the exit price and timing of their portfolio companies. Beyond the near-term financial damage from a breach, significant breaches such as ransomware leading to operational disruption also lead to reputational damage and concerns that the breach points to wider problems at the breached company.
As a result, the potential exit by the PE firm from the affected investment can be delayed as the victim company needs to demonstrate that the breach was not an indication of wider systemic problems. This can mean that the Private Equity owner must retain the affected portfolio company for several years more than otherwise intended, with a corresponding negative impact on their overall portfolios returns. Yes, effective Digital Transformations are essential to the success of nearly every company today. But going hand-in-hand with this is ensuring at a strategic level that strong cyber governance to protect those digital transformations is given just as high priority by C-Suites and boards.