Networking, Content

Private Equity Firms and Cybersecurity: New SEC Requirements?

Business, Technology, Internet and network concept. Labor law, Lawyer, Attorney at law, Legal advice concept on virtual screen.

The Securities and Exchange Commission (SEC) last week proposed new cybersecurity rules to oversee how private equity firms manage risk, SC Media reports. The development could influence cyber practices at Thoma Bravo, Summit Partners, Vista Equity Partners and other firms that invest in MSP-centric technology companies.

According the the SC Media report:

"Under the leadership of SEC Chair Gary Gensler, the commission voted on Feb. 9 to propose a new set of rules, aimed at registered investment companies, registered investment advisers and business development companies or funds that would require concrete cybersecurity policies and procedures that would essentially bring this segment of the financial industry more in line with other areas. The new rules would also demand that advisers report to the SEC cybersecurity incidents that impact themselves, the firm or fund or their clients."

If the new rules move forward, ChannelE2E will be watching to see if or how private equity firms develop and share cybersecurity best practices across their portfolio companies. The topic is especially important in the MSP software market. Indeed, the MSP sector remains a popular target for hacker and and ransomware attacks that seek to spread malware from software suppliers out to MSP partners and then down-stream to end-customer systems.

MSP Software Suppliers: CISOs Emerge

Even before the proposed SEC rules arrive, private equity-backed technology companies that serve MSPs have been improving their cybersecurity postures. Among the moves to note:

  • ConnectWise in early February 2022 named Patrick Beggs as CISO amid a larger company reorg. The real ConnectWise inflection point arrived around March 2020, when the company changed its security tone and commitment for the better.
  • Datto CISO Ryan Weeks has been in place since January 2017. Basically, the MSP-focused technology company ramped up its security team and associated best practices long before the Datto IPO of October 2020.
  • Kaseya in 2021 hired FBI veteran Jason Manar as CISO. The hire came after Kaseya suffered a ransomware attack in July 2021. Manar previously was Assistant Special Agent in Charge for the FBI, overseeing all cyber, counterintelligence, intelligence and the language service programs for the San Diego office. Side note: Manar is scheduled to speak during this SC Media virtual event that runs Feb. 22-23.
  • N-able named Dave MacKinnon as chief security officer just ahead of the company’s spin-out from SolarWinds in 2021. Also ahead of that spin-out, N-able carefully audited its code base and development practices to confirm the company was not hit by the SolarWinds Orion breach.
  • NinjaOne in February 2022 announced Mike Arrowsmith as its new chief trust officer to “take the lead on all security and IT initiatives for NinjaOne, with early priorities focused on scaling and aligning the company’s internal teams and resources.”
  • Whom did we miss? Drop me an email ([email protected]) and we’ll keep the executive in mind for future ChannelE2E and MSSP Alert content.

Dig a little deeper and you'll notice:

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.