ACA Group Launches ACA Vantage to Help Meet Investor Expectations for Portfolio Company Cybersecurity Oversight

NEW YORK & LONDON--(BUSINESS WIRE)--ACA Group (ACA), the leading governance, risk, and compliance (GRC) advisor in financial services, today bolstered its product line with the launch of ACA Vantage for Cyber, to help private markets (“PM,” i.e., private equity, hedge funds, and venture capital) firms discover, prevent, and remediate critical cyber vulnerabilities across their portfolio. This unique offering is powered by ACA Aponix^®, ACA’s cybersecurity division. The offering combines an executive advisory service with ACA’s technology, ComplianceAlpha^®, to help operating partners and sponsors at PM firms globally to build and operate a formal program of cybersecurity portfolio oversight and conduct an ongoing, effective assessment of their portfolio companies’ cyber posture over the entire investment lifecycle.

ACA Vantage for Cyber comes at a time of growing cyber risk, especially with the proliferation of ransomware-as-a-service, sophisticated business email compromise schemes, and supply-chain attacks. As cyber risk proliferates, PM firms are moving from an ad-hoc approach to overseeing their portfolio companies' cyber programs with a more systematic approach. For example, according to a survey conducted by ACA Group in March 2023, when it comes to their portfolio companies, 73% of PM firms do not have a minimum-security baseline, and 68% do not perform annual risk assessments when it comes to their portfolio companies.

“When a company within the private equity firm’s portfolio suffers a breach, this results in financial and operational losses to the portfolio business but equally to the sponsors and investors,” said Kavitha Venkita, Partner at ACA. “What’s needed is a programmatic approach to cybersecurity across all portfolio companies, designed to be formally governed and applied consistently. A confidence-building portfolio oversight program is a competitive advantage today for attracting and retaining investment from Limited Partners; tomorrow, it will likely be table stakes.”

ACA Vantage for Cyber helps firms with fewer internal resources to keep pace with industry changes, apply best practices, and reduce costs while managing downside risk, creating value, and increasing investment from Limited Partners. Risks and remediation efforts are displayed in real-time via ACA’s award-winning GRC and regulatory technology platform, ComplianceAlpha, giving operating partners and sponsors accessible and digestible results to help guide and prioritize further action steps across their portfolios. This solution set helps meet investors’ expectations and supports the safeguarding and growth of the valuation of investments.

Jeremy Bergsman, Managing Director at ACA, shared, "Firms are constantly navigating what “good” cyber oversight looks like. We are excited about how ACA Vantage for Cyber can help private markets firms create or improve their oversight programs. And ACA Vantage for Cyber has flexible risk assessment and monitoring that can be scaled up or down to meet the risk management needs of every company in the portfolio."

The key elements of the offering include the following:

• Continuous, portfolio-wide cybersecurity monitoring and assessment.
• A methodology that enables “apples-to-apples” comparison of a firm’s risk and need for attention across the portfolio.
• Expert support to build an oversight program that is formally governed, applied consistently, and designed to grow valuations.

ACA Vantage for Cyber is the latest cybersecurity offering from ACA. ACA Aponix, the cybersecurity division of ACA Group, has helped more than 100 private equity, venture capital, and hedge funds improve cybersecurity oversight of their investments. In addition to ACA Vantage for Cyber, ACA’s Aponix team provides due diligence services to PE sponsors and cybersecurity assessment and remediation services to their portfolio companies.

ACA continues to develop and enhance services that empower PM firms to monitor and react to their portfolio companies risk. Further developments include ACA Vantage for ESG which will allow firms to monitor, assess, and gather data and insights on the ESG posture of their portfolio companies.

About ACA Group

ACA Group (ACA) is the leading governance, risk, and compliance (GRC) advisor in financial services. We empower our clients to reimagine GRC and protect and grow their business. Our innovative approach integrates advisory, managed services, distribution solutions, and analytics with our ComplianceAlpha^® technology platform with the specialized expertise of former regulators and practitioners and our deep understanding of the global regulatory landscape. For more information, visit www.acaglobal.com.

Notes to the editor:

ACA’s recent webcast discussed best practices for cybersecurity oversight and the value-add it brings to sponsors. Other poll results included:

• Almost 50% of firms shared that improving cyber operational efficiencies across their portfolio is the second largest driver for conducting cyber portfolio oversight, with mitigating the growing cyber threats and risks across the portfolio as number one.
• Just 10% of firms have adopted a programmatic approach to cyber oversight that is consistently applied across the portfolio. More than half of firms are still following an ad-hoc approach, where they are conducting some, but not all, activities considered to be part of a programmatic approach inconsistently across the portfolio.
• 21% of firms stated to not be conducting any cyber oversight activities across their portfolio, including cyber due diligence.
• Only 4% of firms stated they had established means to benchmark and compare risk levels across all portfolio companies and aggregate risk levels up to the portfolio level for management, investors, and other stakeholders.