By Daimon Geopfert, Principal, Risk Advisory Services, RSM US LLP
For private equity firms, assessing the vulnerability of a prospective portfolio company’s information technology infrastructure is essential, no matter how small the target. The 2016 NetDiligence Cyber Claims Study found that nearly 90% of claims submitted were from companies with less than $2 billion in revenue.
Here are eight of the biggest red flags for any potential acquisition:
- The team can't answer basic questions
It seems obvious, but even companies that appear extremely sophisticated often fall short. If you start asking simple questions—what type of sensitive data does your company possess, and how does it handle it?—and answers aren't forthcoming, dig deeper.
- It's young and high-growth
New high-growth companies don't just outgrow office space—they often strain existing infrastructure, controls, and processes.
- It's in a highly regulated industry
Is the business in healthcare, consumer and retail, or financial services? Don't think twice—investigate deeply. At some point, a regulator is going to pay a visit.
- It works with government agencies
Privatization has been a boon for private equity investors, but doing business with government also means grappling with legacy or specialty government systems and rigid government standards and contracts.
To learn more about the other four red flags, click here.
This article represents the author's views only and doesn't necessarily represent the views of PitchBook.
Article by PitchBook