As private equity company Francisco Partners was about to close the sale of a portfolio company valued at more than $1bn to a strategic investor, the California-based firm received a jarring phone call. Experts examining the portfolio company’s cybersecurity had found such a long list of vulnerabilities that the investor was thinking about backing out of the deal, recalled Francisco Partners’ senior operating partner Eran Gorev. “It came as a shock to all of us,” Gorev said.
It is also further proof that cybersecurity is no longer relegated to a long list of details to check during the due diligence process but is now a key indicator of a company’s overall health and potential. As such, it is playing a larger role in company valuations, mergers and acquisitions and IPOs. Signs that point to this change include the SEC stepping up its enforcement of disclosure requirements for cyber-attacks and the recent announcement from ratings agency Moody’s that it is developing a system to better evaluate a company’s cyber-risk.