Without Cybersecurity, Small Businesses Can Get a Lot Smaller

Having acquired many small businesses over the years, entrepreneur Keith Burns observed a growing problem in the lower-middle-market - even the most talented CEOs have very little understanding of the evolving threats and opportunities around cybersecurity. 

"People don’t recognize how much of their value is left exposed by not having the right security posture in place," Burns tells Search Party. "It’s basically like opening your wallet and leaving it out there — that’s what a lot of companies are doing because they don’t know what their true exposure is."

Burns is now the CEO of CyberData Pros, having acquired it from founder and fellow panelist Chris Arrendale. Burns and Arrendale are joined by a customer of CyberData Pros - Jonathan Taylor of AEK Technology. - who shares his experience as the CEO of a small defense contractor trying to meet the rigorous new standards and certifications required by his own customers. "At the highest level, you just will lose revenue opportunities" if your company does not invest the time and resources in cybersecurity certifications like CMMC, SOC 2 and ISO 27001, Taylor says. "We’ve actually started to see CMMC requirements placed in government solicitations. If you do not meet those requirements, you’re just not going to be able to bid on them."

Key takeaways from this episode of Search Party:

• For the entrepreneurs who've staked their net worth on a single acquired business, cybersecurity isn't a tech expense — it's the same kind of insurance policy you'd take out on the building, and skipping it leaves the most valuable thing you own sitting wide open.
• If you're planning to sell to a PE firm down the road, getting your cyber house in order before the deal process isn't optional anymore — buyers are showing up with forensic-level audits, and a messy security posture will come straight off your EBITDA or your multiple.
• AI has completely changed the math for criminals targeting small businesses — it used to take effort to attack a company; now a bad actor can hit 5,000 businesses in ten seconds, which means the neighborhood drycleaner and the 12-person aerospace distributor are just as much in the crosshairs as the Fortune 500.
• Recently-acquired, private equity-backed businesses are often the target of cyber attacks immediately after the deal announcement is release.

Access the transcript and a searchable archive on the Search Party Substack: https://searchpartychannel.substack.com/publish/post/192230318

#eta #search #privateequity #investing #ceo #cybersecurity