You’re the Cyber Lead in PEOps at your firm and you’re trying to get a handle on where and what best to focus on across your portfolio that will have the best impact on mitigating cyber risk to the firm.
It’s no mean feat, especially if your portfolio consists of SMEs with no dedicated security staff. And I speak from experience because I’ve been that guy, right there. After searching for an “off the shelf” way to help guys like me get clarity and priority, in the end I realized that such a model to help didn’t exist and so I set out to build my own.
I really liked the idea of there being a “Cyber Poverty Line”, a phrase bandied about in the cyber sec. community that all companies should meet or exceed. More so, I liked the idea that if I could raise all my PortCos. above that line, I could make a real and meaningful change to their (and my) cyber risk but I’d have an easy consistent way to explain to the rest of the team the actions I was taking and why.
And so my version, the “Black Creek Cyber Poverty Line” was born.
The model rates each PortCo. against their implementation of what I consider to be the Top 7 tools and techniques that I believe should be in place to help companies rise above this line, both strengthen their defenses against cyber threats and meeting regulatory requirements.
So in this post, let’s dig into what those Top 7 are, why they’re important and how the Black Creek model can help you get clarity and priority into the actions you take.
The “Top 7” Defined
1. Multi-Factor Authentication (Remote Access)
Multi-Factor Authentication (MFA) is a critical security control that requires users to verify their identity through two or more independent credentials before gaining access. In the context of remote access security, MFA acts as a powerful gatekeeper, ensuring that only authorized personnel can enter sensitive systems and data environments.
The importance of MFA lies in its ability to add an extra layer of verification beyond just usernames and passwords, which are increasingly vulnerable to compromise. This second factor might be a one-time code sent to a mobile device, biometric recognition, or a hardware token. Each additional factor significantly reduces the risk of unauthorized access caused by stolen or weak credentials.
For PortCos. operating in decentralized or hybrid work environments, enforcing MFA for all remote connections is non-negotiable. It prevents attackers from exploiting remote access vulnerabilities, one of the most common entry points for breaches and protects valuable intellectual property and customer information from exposure. Without this safeguard, companies remain exposed to credential theft, phishing attacks, and lateral movement within networks after initial compromise.
2. Multi-Factor Authentication (Email)
Email is still the main way cyber attackers target companies. They use phishing campaigns to trick users into revealing their login information or clicking on harmful links. By implementing Multi-Factor Authentication (MFA) on email accounts, we can make it much harder for attackers to succeed. With MFA, we require a second form of verification in addition to just a password.
Key benefits of email MFA include:
- Phishing protection: Even if someone gets hold of your login information, they won’t be able to access your account without the second verification step.
- Mitigation of account takeovers: This prevents attackers from using stolen passwords to gain access to sensitive emails or carry out fraudulent transactions.
- Compliance alignment: Many laws and cybersecurity guidelines require or strongly recommend two-factor authentication for important systems like email.
Best practices for deploying email MFA within portfolio companies:
- Use app-based authenticators or hardware tokens instead of SMS codes, as these are more susceptible to being intercepted.
- Require MFA for all users, especially those with special access privileges or dealing with sensitive information.
- Integrate MFA smoothly with existing identity management solutions so that it doesn’t cause too much inconvenience to users and encourages them to adopt it.
By protecting email accounts with strong two-factor authentication, portfolio companies can greatly reduce the chances of expensive data breaches caused by phishing attacks, working alongside other protective actions to raise the overall security level of the organization above the Cyber Poverty Line.
3. Implementing an Immutable Backup Strategy
Immutable backups are a crucial part of any strong backup strategy designed to protect PortCos. from the devastating effects of ransomware attacks. Unlike traditional backups, immutable backups cannot be changed, deleted, or encrypted once they are created. This unchangeable quality ensures that backup data remains untouched and available even if cybercriminals gain access to your systems.
Why Implement an Immutable Backup Strategy?
Implementing an immutable backups strategy offers two key benefits:
- Protection against ransomware: Attackers often target backup files to prevent recovery; immutability blocks these attempts, keeping recovery options intact.
- Reliable data recovery: When an incident occurs, having a secure, untouchable backup means faster restoration of operations with minimal data loss.
The Importance of Immutable Backups for Private Equity Firms
For PE firms managing multiple PortCos. incorporating immutable backups as part of the framework is crucial. It not only protects critical data assets but also strengthens overall resilience against evolving cyber threats that aim to disrupt business continuity and so long term value of the business.
4. Security Awareness Training Programs
Security Awareness Training is crucial in teaching employees about different cyber threats they might face, like phishing emails or social engineering attacks. By improving their knowledge of potential dangers, employees can more effectively recognize and react to security incidents.
With regular training programs we can build a culture where employees are always aware of security issues and act accordingly. By teaching them the best ways to protect against cyber threats and encouraging them to stay alert, employees become key players in protecting the company’s digital assets and reputation.
5. External Perimeter Scans
External perimeter scans are a basic part of the defense strategy for portfolio companies looking to move above the Cyber Poverty Line. These scans focus on finding weaknesses that are outside the traditional network perimeter areas, that are often ignored but are very important in today’s world where remote access and cloud services make network boundaries unclear.
Key functions of perimeter scans include:
- Vulnerability Assessment: Finding open ports, misconfigured services, outdated software, and other weaknesses that can be accessed from the internet.
- External Threat Detection: Identifying potential entry points that attackers might use before they carry out targeted attacks.
Regularly scheduled external scans give early warnings about vulnerabilities that could result in data breaches or ransomware incidents. This proactive method allows for quick fixes, preventing expensive interruptions and protecting sensitive information.
In this context external perimeter scanning works alongside other methods by reinforcing defenses where attackers usually start their campaigns beyond the immediate control of internal IT teams, but crucial to overall security stance.
6. Endpoint Protection Solutions Deployment
Endpoint Protection solutions play a crucial role in securing devices and networks from malicious activities such as malware infections or unauthorized access attempts. These solutions are designed to detect, prevent, and respond to threats at the endpoint level, ensuring that individual devices are protected from cyber attacks.
There are several Endpoint Protection solutions available in the market today, each with its own set of features and capabilities. Here are some popular options:
- Antivirus Software: Traditional antivirus programs that scan for known malware signatures and provide real-time protection against viruses, worms, and Trojans.
- Endpoint Detection and Response (EDR): Advanced solutions that go beyond traditional antivirus by using behavioral analysis and machine learning to detect sophisticated threats and provide incident response capabilities.
- Mobile Device Management (MDM): Solutions specifically designed to secure mobile devices by enforcing policies, remotely wiping data, and managing app installations.
By deploying robust Endpoint Protection solutions and keeping them up-to-date, we can significantly reduce the risk of malware infections and unauthorized access attempts on the PortCo.’s devices and networks.
7. Minimum Password Complexity Requirements
Implementing minimum password complexity requirements is crucial in deterring password-related breaches. By setting standards for password strength, including a mix of uppercase and lowercase letters, numbers, and special characters, companies can significantly enhance their security posture.
Establishing and enforcing robust password policies across all user accounts is essential for safeguarding sensitive data. Regularly updating passwords, prohibiting the reuse of old passwords, and incorporating multi-factor authentication can further bolster security defenses against unauthorized access attempts.
Getting all PortCos. Above the Cyber Poverty Line
An initial assessment of each PortCo will give us a rating of where they are against the Top 7. Of course, the inherent risk within each of the PortCo is likely to be different, so the remediation plan of what measures should be prioritized can then be tailored, not only by how far below the line they are, but also, what would have greatest impact on risk mitigation. Rolling that up in a consistent way to a portfolio level gives the Cyber Lead a structured, defensible and communicable plan to review both within the firm’s leadership but also within each PortCo. And while we prescribe the nature of the tool or technique, we don’t necessarily prescribe the vendor tech. stack that must be used. In this way we can work with whatever is already in place saving both time and money.
We’ve also built our own portal that we make available, enabling Cyber Leads to not only manage and report on progress against the Top 7, but also manage critical incident responses and other actions at each PortCo.

Conclusion
Proactive cyber risk management practices are essential for making portfolio companies resilient. It is not enough to just meet regulatory compliance; we need to do more to ensure business continuity in a constantly changing threat landscape. The Black Creek Cyber Poverty Line model is based on years of direct experience leading cybersecurity efforts in Private Equity. It’s not designed to be over complicated. It’s not designed to have you rip and replace what may already be there just to make a commission. In fact, we never take a commission from the security vendors, by the way. We’re always on your side of the table in your negotiations with them ensuring you get best value for money.
By adopting these fundamental strategies, firms can not only decrease the risk of cyber incidents but also gain the trust of stakeholders and set up their investments for long-term success in what can be an often dangerous digital world.
If you’d like to find out more about the Cyber Poverty Line and how Black Creek Cyber can help you manage risk across your portfolio, please do reach out and let’s have a no obligation chat.