Value creation: Making businesses more beautiful and more resilient – an investor's perspective.
22.09.22
Article by:
Value creation in private equity can take many forms. It's often geared towards making businesses bigger, more profitable and more tech-enabled. It can include planned management enhancement, to make sure that all bases are covered for the businesses' needs now and for the next investment period.
However, value creation is seldom viewed in the context of making businesses more resilient. Particularly at this point in the economic cycle, resilience to challenges is critical, whether that be winning the war for talent, containing inflation or making sure that businesses are as prepared as they can be for macro-risk, such as cyberattack, which has been further put under the spotlight by the war in Ukraine.
According to the UK's National Risk Register in 2020, the highest impact risk facing the UK is one of cyberattack. This now sits alongside pandemic, which of course in 2020 was a daily concern. In 2021, the UK Government estimated that two in five businesses have reported cybersecurity breaches or attacks. By some estimates there are 65,000 attempts per day on UK SMEs, of which 4,500 are successful.
Some simple measures: As investors in the digital transformation and cybersecurity consulting sectors we know it’s not just good practice but essential to put in place technology and mechanisms that will decrease the risk of a cyberattack. Here are three simple measures we would recommend as a starting point:
- Don’t publish online your company's cybersecurity – it effectively gives hackers a roadmap to attack your company.
- Appoint a dedicated and specialist Information Security Officer – this person should be scenario planning and wargaming capable. As forced as that may feel, it is essential.
- More obvious measures such as staff training, two-factor security and ensuring your company has proper insurance cover in place are fundamental.
If your question is 'How detrimental a risk are we talking about?', then consider how debilitating an attack would be for your business. A typical ransom demand is two to three days revenue – hackers want the ransom amount to be meaningful but affordable! In reality it's not just the financial loss. There's the disruption, sense of uncertainty and loss of customer confidence in some instances.
Overall, when we talk about how we as investors want to make our businesses bigger and more beautiful, it is important to make sure we make them more resilient also. If the global pandemic has taught us one thing, it is to prepare for the worst.