CONTACT US

Cyber Risk Lives at the Portfolio Level

For operating partners who need visibility across the portfolio.

Founded and led by former Stroz Friedberg leaders, the premier incident response firm

Talk to an Expert
PE Vertical - Hero

Why Portfolio-Level Risk Builds

Operating partners inherit cyber risk through every acquisition. Each portfolio company arrives with its own systems, vendors, operating models, and ways of working.

After acquisition, each environment stays managed at the company level, and security decisions remain tied to how each business runs as the portfolio expands.

Without a portfolio-level baseline, firms operate based on whatever they acquired. The environment reflects the deal history, not a shared standard.

This risk becomes most visible during moments of change.

Where Portfolio-Level Risk Becomes Visible

This typically surfaces:
  • During acquisitions, when new systems and identities are introduced into the portfolio
  • When email, domains, and identity are integrated after close
  • When MSPs are evaluated or reassessed across portfolio companies
  • As portfolios grow and operating complexity increases over time

In these situations, issues that were previously isolated begin to show up across the portfolio.

This is when a portfolio-level approach becomes necessary.

PE Vertical - mid page

Post-Acquisition Email & Domain Integration

How Defensible supported a complex, PE-backed healthcare SaaS merger.
See the Full Story
Hero -- Navigating Complexity in a Global Healthcare SaaS Merger

Our Approach

We manage technology and security at the portfolio level.

That starts with establishing a shared framework for how IT and security are governed across the portfolio, with oversight sitting at the portfolio level while portfolio companies retain the flexibility to operate their businesses day to day.

This allows risk to be understood and managed centrally without forcing every company into the same tools, vendors, or operating model. It creates a common foundation that holds as portfolios grow, teams change, and environments evolve.

The intent is to create a model that holds over time, even as the portfolio changes.

In practice, this approach shows up through focused work at both the portfolio and company level.

How We Support Private Equity Firms

Portfolio-level work through company-specific engagements, including:

  • Portfolio-level technology and security advisory
  • Email and domain integration following acquisitions
  • MSP assessments across portfolio companies
  • Managed IT and security services for portfolio companies
  • AI readiness and risk assessments across portfolio environments
  • Portfolio-level monitoring and LP reporting across the portfolio

The best time to engage is before the acquisition closes. Most of our PE work starts there.

PE Vertical - lower page

Start with an Assessment

Know where your portfolio stands before the next acquisition closes

Don't Wait for the Deal