Call Us
Contact Us
Request A Demo
Contact Us
Request A Demo
Home > Resources > Insights

Insights

The cyber landscape never stops shifting – and neither should your perspective. Our Insights bring you expert commentary, thought leadership and practical guidance on the issues shaping the alternative investments sector. Stay ahead of regulators, satisfy investors, and strengthen your resilience with analysis from the team that knows your world best.

  • The cyber score as market context, not abstraction A meaningful cyber score is not just an internal management tool. It reflects how firms are already being viewed externally. Increasingly, cyber maturity is assessed comparatively during due diligence, regulatory reviews, and insurance underwriting. Firms are measured against peers, and gaps are quickly exposed. This is where independence and data scale matter. A score derived from a narrow ecosystem or a single IT provider’s client base offers limited context. In contrast, a score grounded in broad market data provides PE firms with a realistic view of how portfolio companies stack up across the industry, not just within a closed environment. Customized benchmarking for better decisions One of the most important developments in cyber scoring is the ability to customize peer benchmarking. Not all comparisons are equally useful. A software business should not be measured against a manufacturing firm, nor a growth-stage company against a mature enterprise. Customized peer groups allow sponsors to benchmark portfolio companies against organizations that are genuinely comparable by size, sector, geography or operating model. This creates more relevant insight and supports better decision-making. Sponsors can identify which companies are performing strongly relative to peers, and which require targeted intervention to avoid becoming value-draining areas of elevated risk. Just as importantly, customized benchmarking allows PE firms to identify characteristics they want to emulate across the portfolio, using high-performing peers as reference points rather than theoretical best practice. From score to strategic tool When used correctly, a cyber score becomes far more than a compliance checkbox. It becomes a portfolio management tool that supports prioritization, reporting, and governance. Strong scores can be used to demonstrate maturity to LPs and buyers, while weaker areas are surfaced early enough to address without time pressure. In an environment where cyber scrutiny continues to intensify, knowing your portfolio’s cyber position is no longer optional. The firms that benefit most will be those that treat the cyber score not as a technical output, but as a strategic signal - one that creates clarity, confidence and control across the portfolio.

    The Drawbridge Cyber Score as a portfolio tool – from measurement to meaningful comparison

    By Eric Bernstein, CEO, Drawbridge  Cyber risk has become a defining factor in how private equity firms protect value, manage portfolios and demonstrate governance to investors. Yet for many PE sponsors, cyber oversight remains fragmented, reactive or difficult to scale across multiple portfolio companies. In this three-part series, we explore how portfolio-level cyber analytics are…

    Read more: The Drawbridge Cyber Score as a portfolio tool – from measurement to meaningful comparison
  • Two professionals walking down a curved indoor staircase

    Portfolio company analytics – why cyber oversight now defines value creation

    By Eric Bernstein, CEO, Drawbridge  Cyber risk has become a defining factor in how private equity firms protect value, manage portfolios and demonstrate governance to investors. Yet for many PE sponsors, cyber oversight remains fragmented, reactive or difficult to scale across multiple portfolio companies. In this three-part series, we explore how portfolio-level cyber analytics are…

    Read more: Portfolio company analytics – why cyber oversight now defines value creation

  • The Weakest Link Is Rarely Where You’re Looking: Third-Party Cyber Risk Under Reg S-P

    By Simon Eyre, Chief Information Security Officer, Drawbridge Why intelligence-led approaches are essential to meet rising threats, regulatory demands and investor expectations Alternative investment firms have strengthened internal cybersecurity significantly over the past decade. Controls are more mature, governance is better defined, and boards are more engaged. Yet many of the most disruptive incidents still…

    Read more: The Weakest Link Is Rarely Where You’re Looking: Third-Party Cyber Risk Under Reg S-P
  • Two professionals reviewing cybersecurity and operational risk documentation in a modern office

    Cyber Risk Intelligence: Turning Data into Resilience for Alternative Investments

    By Eric Bernstein, CEO, Drawbridge Why intelligence-led approaches are essential to meet rising threats, regulatory demands and investor expectations The alternative investment industry is entering a new era of scrutiny. Regulators, investors and counterparties are paying closer attention to how firms manage operational risk, and cybersecurity sits at the heart of that conversation. Threat actors…

    Read more: Cyber Risk Intelligence: Turning Data into Resilience for Alternative Investments
  • Professional reviewing cybersecurity risk metrics on a printed report, reflecting Drawbridge’s technology-driven approach to monitoring, assessing, and managing security risk for alternative investment firms.

    Cyber Security Scoring: A Smarter Way to Benchmark Risk

    By Art Murphy A few weeks ago, I sat down with a table full of C-level execs from private equity and hedge funds. The conversation went wide from SEC prep (of course) to cyber hygiene, and then someone mentioned an LP asking about their Drawbridge Score and the whole table paused. No one asked, “What’s that?” They…

    Read more: Cyber Security Scoring: A Smarter Way to Benchmark Risk
  • A business professional reviewing cybersecurity performance metrics on a tablet during a meeting, illustrating data-driven cyber resilience discussions within an investment firm.

    From Compliance to Confidence

    Cyber Resilience as a Strategic Advantage in Alternative Investments By Eric Bernstein, CEO, Drawbridge We continue to see the topic of cybersecurity move from the back office to the investment committee. What was once a compliance obligation is now a defining factor in investor trust and capital allocation. For alternative investment firms, cyber resilience has…

    Read more: From Compliance to Confidence
  • investment advisors

    SEC Cybersecurity

    Where do you stand, and what’s coming for investment advisors? What you should know For firms with assets over $1.5bn, the changes to Regulation S-P will take effect on December 3rd, 2025. In combination with the 2025 SEC Examination Priorities, there is work to be done to meet both the rule and guidance from the…

    Read more: SEC Cybersecurity
  • Padlock protected laptop

    Is AI the death of “Trust but Verify” Cybersecurity?

    Cyber security risk assessments take multiple staff members time to complete. Even once that time has been accounted for (usually with HR, Operations, IT and Legal involved) you still need someone to manage the results. You’ll often have remediation work for the IT team, remediation work for HR, and need someone to oversee those actions…

    Read more: Is AI the death of “Trust but Verify” Cybersecurity?

  • Drawbridge Receives SOC 2 Type II Attestation

    We are proud to share we have completed our SOC 2 Type II audit. This attestation provides evidence that Drawbridge continues to focus on our strong commitment to security, but also to delivering first class services to our clients by demonstrating we have the necessary internal controls and processes in place to support our clients…

    Read more: Drawbridge Receives SOC 2 Type II Attestation
  • A cyber defense shield being targeted by a breach

    Linedata Breach – August 11th, 2025

    Linedata’s Icon was targeted in a cyber attack on 11th August, 2025. The attack has resulted in reported outages of Icon while the investigation and recovery process are in progress. Their official statement is available here. The attack highlights that firms should always remain vigilant to an often-quoted phrase, “It’s a matter of when you’ll…

    Read more: Linedata Breach – August 11th, 2025
  • Nearly Half of Portfolio Companies Skip Critical Cyber Testing. What Does That Mean for Your Portfolio?

    Nearly Half of Portfolio Companies Skip Critical Cyber Testing. What Does That Mean for Your Portfolio?

    In an evaluation of 1,000 cyber risk assessments, 48% of firms performed external penetration testing less than once a year, if at all. That’s a staggering gap, especially in an industry where timing and risk precision are everything. For private equity firms, this is more than a cybersecurity concern. It’s a portfolio-level business risk. One…

    Read more: Nearly Half of Portfolio Companies Skip Critical Cyber Testing. What Does That Mean for Your Portfolio?
  • AI governance isn't a “set it and forget it” exercise. As AI capabilities evolve, so too must your approach to managing them. Firms that build agility into their governance—through frequent policy reviews, cross-functional collaboration, and continuous education—will be best positioned to harness AI’s benefits without falling prey to its risks. In a landscape where regulators are watching and technology is shifting by the minute, proactive AI risk management is no longer optional—it’s a core business responsibility.

    AI is moving fast—are your policies keeping up?

    Are you treating AI like a helpful assistant—or a ticking time bomb? AI is making our lives easier, no question. However, when introduced into the workplace without clear oversight, it can pose serious risks to your business—from regulatory exposure to cybersecurity threats. AI Risk Management Starts with Clear Policies and Communication Drawbridge’s Simon Eyre and…

    Read more: AI is moving fast—are your policies keeping up?