Case Study: Establishing Cybersecurity Portfolio Oversight
Client: Gridiron Capital, LLC, a U.S. based investment firm
Client Type: Private Equity
Portfolio Size: 20 companies, including branded consumer, B2B and B2C services, and niche industrial
Background
Before engaging with ACA, Gridiron Capital, LLC (Gridiron Capital) managed cybersecurity across its portfolio of companies by establishing a set of baseline policies and control expectations (for example, use of MFA, penetration testing, etc.).
Once these essential controls were put in place, Gridiron Capital began looking for opportunities to further improve their understanding and management of cybersecurity risk across their portfolio.
According to Jeff Steinhorn, Operating Partner at Gridiron Capital, “It was time to see what could get us to the next level and continue evolving our risk management profile for our companies.”
Challenge
The diversity in cybersecurity programs — and of the portfolio companies themselves — made evaluating the adequacy of each company’s cybersecurity efforts challenging.
Gridiron Capital needed data that accounted for the different operational contexts of each of the companies and would allow for an accurate and nuanced comparison of cybersecurity risks.
Without this data, decisions about additional improvements each company should make would have been time consuming and ad-hoc, making the support Gridiron Capital could provide to the companies a challenge.
Ultimately, these challenges had to be addressed to maximize the ability to improve the cybersecurity risk profile at each Gridiron Capital company as well as collectively across the portfolio.
Solution
Gridiron Capital utilized ACA Vantage for Cyber, a solution specifically designed to help operating partners and sponsors in private equity, venture capital, and real estate build a comprehensive cybersecurity portfolio oversight program that allows the firm to better manage cybersecurity risk and drive value across the portfolio.
Delivered by the ACA Aponix team, our dedicated cybersecurity, privacy, and risk team, ACA Vantage provides Gridiron Capital with:
- Continuous assessment of risk across all their portfolio companies to help understand and prioritize areas for improvement.
- Access to an online tool that allows Gridiron Capital and all of their portfolio companies to view and evaluate assessment results.
- Guidance and resources that can be provided to portfolio companies to allow them to close identified gaps.
- Simple metrics that have been integrated into regular reporting and dashboards.
Results
While Gridiron Capital is still early in the use of ACA Vantage, the firm has already seen significant value from our solution, including:
- Comparable Data Across the Portfolio: Our RealRisk methodology considers the different operating realities (for example, industry, and complexity) of each company, as well as Gridiron Capital’s investment context for the company to get an immediate and caveat-free view into the risks and opportunities for each company. This provided Gridiron Capital with the ability to make comparisons across portfolio companies, easily track progress against action steps, and aggregate the cybersecurity risk of these companies to the fund level.
- Valuable Risk Management Insights for Investors: For Gridiron Capital, the value of ACA Vantage goes beyond improved oversight of their portfolio; this data can have an impact on the overall value of their portfolio. The data collected about their portfolio companies can be used during the exit process to demonstrate the maturity and comprehensiveness of the company’s cybersecurity efforts, potentially increasing the valuation of the company. As Jeff Steinhorn noted, “A company’s decision to buy or not buy another company doesn’t necessarily hinge on cybersecurity, but it can play a factor. At minimum, it can contribute to the company’s value and the price an investor is willing to pay.”
- Risk Management Insights for the Portfolio Companies: While participating in ACA Vantage is an additional ask of the portfolio companies, the companies in Gridiron Capital’s portfolio quickly saw the value of the data, and there was little hesitation in participating. “The portfolio companies are clearly on board with participating in ACA Vantage and they support it. It gives them the direction they need to make improvements, and if they need help from the team on how to remediate issues, ACA can potentially come in and help them,” said Jeff Steinhorn.
Jeff Steinhorn concluded, "With ACA Vantage, we now have increased visibility into where companies stand in terms of their vulnerabilities and their risk levels."
How we help
Our new portfolio oversight solution, ACA Vantage for Cyber, is the only cybersecurity product designed specifically for private equity, venture capital, and private debt portfolio oversight. With this solution, you get expert support to build an oversight program that is formally governed, applied consistently, and designed to grow valuations.
ACA Vantage for Cyber can provide ongoing visibility to monitor and oversee your portfolio companies’ cyber health, giving you control to navigate risk, add value, and gain a competitive advantage. Powered by ACA Aponix®, this solution combines our renowned advisory service with our award-winning regulatory technology, ComplianceAlpha®, and our exclusive "RealRisk" risk assessment methodology.
ACA Vantage for Cyber will help you to:
- Align your cybersecurity oversight program to investor needs by leveraging best practices developed working with over 100 firms on oversight
- Save time with instant access to assessment results and the status of related remediation efforts
- Keep stakeholders informed and direct resources where they are needed most
- Uncover your firm’s risk from your investments from the fund level all the way down to individual cyber capabilities at individual portfolio companies.
Complete this cybersecurity assessment survey to receive a free report detailing your cyber program's top deficiencies and strengths as well as the opportunity to discuss the findings with one of our account managers. Or contact us to find out how we can help you protect your portfolio.