Drawbridge was pleased to sponsor and attend Real Deals PE Live 2026, alongside leaders from across the private equity ecosystem, to explore a question that’s becoming hard to ignore: what does “cybersecurity that matters” look like in practice, and what is it really worth?
The day underlined a shift we’re seeing more often in deals and across portfolio work: cybersecurity is moving from a supporting functions towards a driver of performance, valuation and investor confidence.
Across the conversations, one theme kept coming up: in today’s market, technology maturity and risk management are becoming part of the value-creation story; it is not an afterthought.
A market defined by pressure and selectivity
The wider market backdrop set the tone. Liquidity is still the sticking point, and not because capital has dried up, but because distributions have. As several speakers put it, “DPI is the new IRR”, with LPs paying closer attention to realised returns than paper gains.
• Greater scrutiny of managers
• More pressure on exit readiness
• More concentrated re-ups with existing GPs
Interestingly, performance across parts of the market is running ahead of historical averages, creating a paradox: strong underlying results, but constrained capital recycling.
In this environment, differentiation matters. Managers are being asked to show more than financial engineering. They need to evidence operational capability and increasingly that includes technology foundations and cyber maturity.
AI is now a valuation lever
Another strong theme was how quickly AI has moved from “nice to have” to a live lever in investment cases and valuations.
In diligences, it’s increasingly treated as a standard set of questions:
• How deeply is AI embedded in the business?
• What will it cost to enable it properly?
• What’s the upside once it’s implemented well?
Buyers are already building AI transformation into pricing. Examples discussed included:
• c. £1m “transformation gaps” where AI isn’t yet embedded
• c. 15% EBITDA uplift potential from effective implementation
• c. £5m valuation deltas linked to AI-driven performance improvements
The takeaway was simple: technology isn’t just an enabler anymore and it’s increasingly being priced as a contributor to enterprise value.
Governance is the missing piece
There was also a consistent note of caution: you don’t get value from AI without the right foundations in place.
It’s not just about buying tools. Teams need governance that’s practical and ongoing, including:
• Clear policies and guidance
• Defined controls and accountabilities
• Ongoing governance and review
• Measurable oversight and reporting
Without this, firms take on both operational risk and valuation risk. Several panellists noted that falling behind on “governance as adoption accelerates” can have a very real impact on enterprise value.
This is where AI governance and cybersecurity start to overlap.
Cyber is following the same trajectory
AI due diligence is now firmly part of many deal processes. Cybersecurity is close behind.
The discussion described an evolution in diligence priorities:
- Financial due diligence
- Technology due diligence
- AI due diligence
- Cyber due diligence (emerging as the next standard)
It reflects a broader reality: cyber risk is business risk. For private equity, that shows up across the lifecycle:
• Pre-deal: uncovering risks that affect pricing and deal structure
• Hold period: improving resilience and reducing the chance of disruption across the portfolio
• Exit: protecting valuation and buyer confidence
From our work with portfolio companies, we see how quickly a single weak control can become commercial: it can slow diligence, trigger remediation plans, delay signing, or chip away at buyer confidence. That’s why cyber maturity is increasingly viewed as value protection and not just compliance.
Operational alpha is back in focus
A final point worth noting was the renewed focus on operational alpha, particularly in the lower and mid-market. Compared with mega-funds, these managers often have:
• Closer access to portfolio leadership teams
• More room to drive transformation
• More flexibility to implement change quickly
That’s a real opportunity, but it also raises expectations. Allocators want to back teams that can demonstrate:
• Operational transformation capability
• Technology-led value creation
• A differentiated approach to risk management
Cyber and AI sit right at the centre of that conversation.
Key takeaways from the day
A few points came through clearly across the panel and the wider conversations:
- Value creation is evolving. Technology, AI and cyber are increasingly linked to EBITDA and enterprise value.
- Governance is critical. Tools alone aren’t enough—clear ownership, controls and oversight matter.
- Cyber is moving up the agenda. Following AI, cyber due diligence is on track to become a standard part of the deal process.
- Differentiation is increasingly operational. Managers need to show how they improve businesses—not just acquire them.
- Investor expectations are rising. LPs want transparency and evidence of outcomes, not only projections.
Final reflection
The event captured a market in transition. AI is already influencing how businesses are priced and how growth plans are underwritten. Cybersecurity is heading the same way and fast becoming something buyers and investors expect to see handled well, not explained away. For firms that get the basics right, the prize is tangible: stronger portfolios, smoother exits and greater investor confidence. For those that don’t, the cost tends to show up at the worst possible moment: during diligence or at exit.
Contact Rishi Kotecha direct to talk more.
