An overview of a changing landscape of cyber security and compliance and key challenges it presents for Private Equity and Venture Capital Organisations. It also provides handy advice on what cyber risks should be considered on each stage of an investment life cycle and how to prevent them.
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Private Equity at the Eye of a Perfect Storm: Why Cyber Risk and Regulation Matter
1. Private Equity at the eye of a perfect storm:
Why cyber risk and regulation matters
February 1st, 2017
2. Agenda
2
• PE at the eye of a perfect storm: Setting the cyber risk scene
• How cyber risk is affecting the PE investment lifecycle –
challenges and available solutions
• Panel discussion and Q&A
1
2
3
6. Data protection in the 20th century
6
1
The value of private information
• 1.09 bn daily active users
• 15% of global population
• 34% of global internet users
• 85% of daily active users are
outside US/Canada
Value of Facebook =
$370,000,000,000
7. The EU General Data Protection Regulation
7
1
Wider Scope
Data Processors, not
just Controllers.
Catches companies
outside of EU in certain
circumstances
Data Subject
Rights
Portability, erasure and
objections to profiling.
Enforcement
Fines of up to 4% of
worldwide turnover or
EUR20,000,000,
whichever is higher.
Security Breaches
Notify regulator within 72
hours and affected data
subjects without undue
delay.
Data Protection
Officers
Required in certain
circumstances.
Compensation
Compensation for non-
material damage.
Non-profit organisations
to pursue claims on data
subjects’ behalf (group
litigation).
8. The EU General Data Protection Regulation
8
1
“We thought data was the new oil…..
….it turns out it is the new asbestos”
9. Setting the cyber risk scene:
From risk identification to incident management
9
1
Risk
identification
Risk
quantification
Risk
management
and transfer
Incident
management
10. The investment life cycle from a cyber risk perspective
10
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
ProtectSustain
Enable
11. Fundraising: Challenges and solutions
11
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
Protect
Enable
Sustain
Challenges:
§ Data security
§ Secure communications
§ Systems set-up and security
§ LP requirements
§ FCA requirements
Solutions:
§ Set scope of Compliance Officer
§ Appoint Data Officer
§ Security by design
§ Training and awareness
§ Early-stage security measures
§ Cyber insurance at formation
12. Buy: Challenges and solutions
12
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
Protect
Enable
Sustain
Solutions:
§ Include cyber security and compliance in
DD process:
§ vulnerability assessment
§ cyber health check
§ Secure communications
§ CyberQuantified
§ Insurance gap analysis
§ Incorporate cyber security and data
protection action plan onto 100-day plan
Challenges:
§ Maintaining confidentiality
§ Managing multiple parties during DD and
closure
§ Correctly assessing/valuing cyber
security within the target
§ Visibility of compliance and cyber security
posture (including 3rd parties)
13. Hold: Challenges and solutions
13
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
Protect
Enable
Sustain
Challenges:
§ Minimise cyber security and compliance
risk to maximize ROI and exit price
Solutions:
§ Implement state-of-the-art cyber
security and compliance solutions at
GP, fund and portfolio company level
§ On-going monitoring and reporting
§ Training and awareness
§ Design of risk transfer strategy and
insurance placement
§ Cyber crisis planning and response
14. Exit: Challenges and solutions
14
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
Protect
Enable
Sustain
Challenges:
§ Maximizing transaction value by
demonstrating good cyber security
practice and compliance
§ Avoiding post-exit law suits over
insufficient cyber risk disclosure
Solutions:
§ Evidence produced during Hold phase
§ VDD:
§ Cyber-Quantified
§ Insurance gap analysis
15. Fund closure: Challenges and solutions
15
2
Fund
raising
Buy
HoldExit
Fund
closure
Enable
Identify
Protect
Enable
Sustain
Challenges:
§ Avoiding post-exit law suits over
insufficient cyber risk disclosure
§ Data security
§ Secure communications
Solutions:
§ Introduce cyber security module along
with internal audit each year
16. Panel discussion and Q&A
16
3
§ Chair: Steve Berry, Chairman, Cynation
§ CyNation: Shadi A. Razak, Head of Cyber & Compliance Services
§ DAC Beachcroft: Hans Allnutt, Partner
§ WTW: Jamie Monck-Mason, Executive Director, Cyber & TMT