Robust cybersecurity critical to remaining competitive

George Ralph

Cybersecurity is connected to every single part of a business. Having the right solution and working with experienced partners is critical. Private equity firms understand that having a robust set up in this regard is necessary to remain competitive. Those willing to learn and evolve faster are reaping the rewards in terms of harnessing the value of secure cloud-based business IT architecture.

“I would always recommend reaching out and getting the expertise you need to get the right advice and build from the ground up,” outlines George Ralph (pictured), Global Managing Director at RFA. “The right solution will be scalable for your firm. This is the beauty of cloud-based tech, firms can build an IT architecture for now and the future.”

“We often hear that PE firms have been slow on the uptake in relation to new tech in the past. I think that has changed. It is basic business sense that if you don’t keep up with your competitors in terms of your technology estate and capabilities, you simply won’t win the business,” he says.

When putting a cybersecurity framework in place there are many moving parts and Ralph strongly advises that PE managers work with a technology partner who has experience and access to the entire market. PE firms at the start of their cybersecurity journey would begin by carrying out a risk assessment. They would then consider their cybersecurity solution from two perspectives: what is optimal for them as a business and what will also support them best when working with vendors, regulators and investors.

Ralph also points out that cyber is an important part of a PE firm’s ESG policy: “We are seeing questions around cybersecurity in ESG due diligence questionnaires. These include questions around competence and training, monitoring and reporting, risk, change management, third party vendor management and reparations in case of attack. Your cybersecurity set up is so closely linked to your data management that you have to be able to evidence you understand how your deal flow works and that you have a 360 degree view of all the moving parts.”

Costing a breach

When it comes to considering the impact of a breach, Ralph believes it isn’t possible to put a cost on a cyber breach: “It depends on whether the breach was directly attributed to the PE firm or a third party vendor. Also, what is breached, what is lost, affected, or stolen as well as the resolution, also make a difference to the repercussions of such an event.”

However, he acknowledges that reputational damage can be hard to come back from, therefore it follows that putting the right security measures in place to mitigate risk rather than manage attacks is the best approach. However, attacks do happen. “I would strongly suggest that a manager has a plan in place in the event of a cyber attack. How do they intend to communicate the event internally and externally? What is their plan for alternative communication channels should their main channels have been breached?” Ralph comments.

The outsourcing question

The decision whether to outsource the cybersecurity function or hire an in-house professional largely depends on the size of the PE firm in question. Ralph says: “Very few firms would require a full time CTO to support their business IT requirements. Firms who embark on a comprehensive digital transformation journey, using digitisation to automate operational processes would also have little need for additional in house expertise. The idea of digitisation is to take day to day tasks away from individuals allowing them more time to focus on their main business functions.”

Services like RFA’s Managed Detection & Response (MDR) is designed to support PE firms with an entire end to end cybersecurity solution. From 24/7/365 monitoring for internal and external anomalies to full reporting and support via engineers in its Security Operations Centre, the platform enables firms to outsource their solution. In terms of public cloud security, RFA has been at the forefront of cloud development since 2014. MDR uses AI and machine learning to spot anomalies across a firms technology estate, alerting you to any potential risks or forms of attack. MDR is also compliance tailored to regulatory requirements, providing hundreds of clients with enhanced data and applications control and reporting to reduce risk.

“I would also say that monitoring for cyber prevention and attack is a 24-hour programme, day in and day out, 365 days a year. It makes sense to work with a technology partner that can provide this,” he highlights. 


George Ralph, Global Managing Director & CRO, RFA
As Global Managing Director and CRO of RFA, George Ralph is a technology and business leader with a proven track record of strategic alignment, process improvement and guidance. Having been both a COO and a CTO of his own technology firms over a nineteen-year period, he looks to provide transparent guidance to every business he serves and the people he leads. George has extensive delivery and technical experience in cloud and data architecture, large-scale migrations utilising leading technology brands and IaaS offerings. An Assessor for the British Computer Society (The institute of IT) and a Certified IT professional, George is keen to ensure that the RFA gives its clients the highest levels of service.