how we work

easily reduce risk across your entire portfolio

Black Creek offers a unique and easy process for improving cybersecurity across an entire portfolio of companies—beginning with a comprehensive assessment of the current state of cybersecurity, using our proprietary cyber scorecards and assessment tools to identify specific areas of vulnerability, and prioritize resources. We then work closely with companies to develop and implement a tailored cybersecurity program that aligns with their unique needs and risk profile, including new security controls, employee training and awareness, and incident response capabilities.

Our approach is easy and straightforward, enabling companies to quickly and effectively improve their cybersecurity posture while minimizing costs associated. With our expertise and experience in improving cybersecurity risk, we deliver tailored recommendations for improvements that are easy to implement, and aligned with the unique needs and risk profile of each company.

accountability

evaluation

audit framework

strategic focus

ongoing support

accountability

Our focus on accountability ensures a robust cybersecurity posture for Private Equity Groups and their portfolio companies. By empowering Cyber Leads to take ownership of cybersecurity within their respective organizations, we enable them to develop processes for observing incidents, define strong countermeasures, and proactively mitigate cyber threats.

We also provide a stabilizing presence to deal and management teams by prioritizing communication and transparency. By ensuring that all parties are informed and involved, we can maintain clarity and ensure an effective response. This approach helps to build trust between all stakeholders and creates a culture of accountability, resulting in a secure and resilient cybersecurity posture.

define roles

We work with each PortCo to Identify and train a dedicated Cyber Lead (CL) as our primary point of contact for all actions and events within the organization.

training

We train individual(s), enabling limited resource impact. 5-15% FTE within Private Equity Group (PEG Cyber Lead)

monitor and observe events as they occur

With the ability to observe cyber events as they occur, we help to quickly establish strong root cause countermeasures and learning.

stabalizing presence amid uncertainty

Our engagement with Private Equity deal and management teams provides clear and efficient communications.

evaluation

We understand that every portfolio company is unique and requires a customized cybersecurity plan that addresses specific risks and challenges. Using our “Top 7 Recommendations” process, we evaluate each portfolio company and identify their security gaps and vulnerabilities, then create a comprehensive cybersecurity plan that enables us to prioritize critical tasks and focus resources where they are needed most, providing a cost-effective solution to improve the company’s security posture.

Additionally, we recommend deal pre-close due diligence to help create more extensive baselines, allowing for an accurate assessment of the security posture of the portfolio company before the deal closes—providing a detailed understanding of the risks and vulnerabilities that may exist.

assess initial business and sensitive information risk

compliance to black creek's top 7 recommendations

implement force ranked priorities

our top 7 recommendations

1 – MFA ON REMOTE ACCESS

2 – MFA ON EMAIL

3 – EXTERNAL PERIMETER SCANS

4 – SECURITY AWARENESS TRAINING

5 – PASSPHRASE COMPLEXITY

6 – IMMUTABLE BACKUPS

7 – ENDPOINT SECURITY

evaluation

We understand that every portfolio company is unique and requires a customized cybersecurity plan that addresses specific risks and challenges. Using our “Top 7 Recommendations” process, we evaluate each portfolio company and identify their security gaps and vulnerabilities, then create a comprehensive cybersecurity plan that enables us to prioritize critical tasks and focus resources where they are needed most, providing a cost-effective solution to improve the company’s security posture.

Additionally, we recommend deal pre-close due diligence to help create more extensive baselines, allowing for an accurate assessment of the security posture of the portfolio company before the deal closes—providing a detailed understanding of the risks and vulnerabilities that may exist.

our top 7 recommendations

1 – MFA ON REMOTE ACCESS

2 – MFA ON EMAIL

3 – EXTERNAL PERIMETER SCANS

4 – SECURITY AWARENESS TRAINING

5 – PASSPHRASE COMPLEXITY

6 – IMMUTABLE BACKUPS

7 – ENDPOINT SECURITY

assess initial business and sensitive information risk

compliance to black creek's top 7 recommendations

implement force ranked priorities

audit framework

Our comprehensive cyber scorecards provide a structured framework for assessing and reporting cyber risks, enabling PortCos to address security gaps and prioritize resources to mitigate risks proactively. Using our scorecards, PortCos can improve communication with their boards, providing a clear picture of their cyber risk posture and helping them make informed decisions about risk management strategies.

They also allow PortCos to identify specific areas of vulnerability, enabling targeted action to strengthen their security posture and reduce the likelihood of a cyberattack—providing a valuable benefit to PortCos in protecting their assets and enhancing their overall security posture.

strategic focus

We understand that cybersecurity isn’t always a priority for small businesses, but limited resources can be strategically focused on the highest ROI actions. We help clients prioritize those investments based on their unique risk profiles and business objectives. Our approach ensures that actions taken by each portfolio company are appropriate and deliver the highest ROI.

Although the theoretical goal is 100% confidence in the security posture, the last 5% can often be too costly to achieve. Our approach strikes the optimum balance between cost, time, and resources to achieve the highest ROI while maintaining a level of investment that provides 95% confidence in security.

With our strategic focus, our clients can make informed decisions about their cybersecurity investments and achieve a higher level of security while minimizing unnecessary costs.

ongoing support

We provide ongoing support to our clients to ensure that their cybersecurity posture remains strong over time. Our approach involves multiple touchpoints to coordinate the efforts of Cyber Leads within the portfolio companies, the Private Equity Group, and trusted third-party providers. In addition, we facilitate regular engagements with teams to digest learnings and reassess priorities, enabling us to create numerous acceleration efforts to boost security over time.

As we put in place plans and processes to strengthen our client’s security posture, we have a structured method for reducing our engagement over time. This process allows us to gradually hand over the responsibility for managing cybersecurity to the portfolio companies, empowering them to fully take ownership of their security posture. By providing ongoing support and facilitating a smooth transition of responsibilities, we ensure that our clients remain secure and resilient, even after our engagement is complete.

multiple touch points

We not only work directly with your Cyber Leads and executive teams, but coordinate efforts with third party Cybersecurity vendors to ensure seamless and uniform efforts.

ongoing cyber acceleration efforts

With numerous acceleration efforts to relevant PortCos throughout the year, we help you to maximize your cybersecurity operations across your entire portfolio of companies in an efficient and structured manner.

regular calls to review learnings and reassess priorities

We work with your teams to adapt—regularly reviewing new findings, modifying strategies, and reassessing priorities as conditions change with new events or over time.

ease of transition

As each Private Equity Group becomes more comfortable, our service components can be scaled back over time using our “teach a man to fish” approach.

multiple touch points

We not only work directly with your Cyber Leads and executive teams, but coordinate efforts with third party Cybersecurity vendors to ensure seamless and uniform efforts.

ongoing cyber acceleration efforts

With numerous acceleration efforts to relevant PortCos throughout the year, we help you to maximize your cybersecurity operations across your entire portfolio of companies in an efficient and structured manner.

regular calls to review learnings and reassess priorities

We work with your teams to adapt—regularly reviewing new findings, modifying strategies, and reassessing priorities as conditions change with new events or over time.

ease of transition

As each Private Equity Group becomes more comfortable, our service components can be scaled back over time using our “teach a man to fish” approach.

get in touch

Have questions about how we can help you improve cybersecurity across your Private Equity Group and portfolio of companies? Contact us to learn more about how Black Creek can help.