Call Us
Contact Us
Request A Demo
Contact Us
Request A Demo
Home > Resources > Insights

Insights

The cyber landscape never stops shifting – and neither should your perspective. Our Insights bring you expert commentary, thought leadership and practical guidance on the issues shaping the alternative investments sector. Stay ahead of regulators, satisfy investors, and strengthen your resilience with analysis from the team that knows your world best.

  • Close-up of a person typing on a laptop while seated, with another individual partially visible in the background in a modern office setting.

    Why AI risk is now a core part of cyber risk

    AI is reshaping the cyber risk landscape Cyber risk has long been recognized as a critical issue for alternative investment firms. It affects operational resilience, investor confidence and, increasingly, valuation and deal outcomes.Artificial intelligence is now reshaping that risk landscape. The introduction of AI does not necessarily change the systems firms rely on. Instead, it…

    Read more: Why AI risk is now a core part of cyber risk
  • A professional man in a suit sits at a desk in a modern office, reviewing printed documents while working on a laptop, with sticky notes visible on a glass wall behind him.

    AI adoption is outpacing governance in alternative investments

    AI is already embedded in day-to-day workflows Artificial intelligence is already embedded across the alternative investment industry. From research and due diligence to operational workflows and investor communications, AI tools are being adopted at pace – often informally and without central oversight. This is not unusual. Most technological shifts begin at the edges of an…

    Read more: AI adoption is outpacing governance in alternative investments

  • Low Lift, High Value: Making Cyber Oversight Work Across the Portfolio

    By Eric Bernstein, CEO, Drawbridge Cyber risk now sits firmly on the private equity agenda. PE firms understand that a vulnerability at a single portfolio company can quickly become a fund-level issue, affecting valuation, investor confidence and exit outcomes. Yet some firms still hesitate to implement portfolio-wide cyber oversight for one simple reason: they assume…

    Read more: Low Lift, High Value: Making Cyber Oversight Work Across the Portfolio
  • Two professionals reviewing analytics charts and performance data on a laptop during a business meeting.

    Using cyber analytics to drive action across the portfolio

    By Eric Bernstein, CEO, Drawbridge  Cyber risk has become a defining factor in how private equity firms protect value, manage portfolios and demonstrate governance to investors. Yet for many PE sponsors, cyber oversight remains fragmented, reactive or difficult to scale across multiple portfolio companies. In this three-part series, we explore how portfolio-level cyber analytics are…

    Read more: Using cyber analytics to drive action across the portfolio
  • The cyber score as market context, not abstraction A meaningful cyber score is not just an internal management tool. It reflects how firms are already being viewed externally. Increasingly, cyber maturity is assessed comparatively during due diligence, regulatory reviews, and insurance underwriting. Firms are measured against peers, and gaps are quickly exposed. This is where independence and data scale matter. A score derived from a narrow ecosystem or a single IT provider’s client base offers limited context. In contrast, a score grounded in broad market data provides PE firms with a realistic view of how portfolio companies stack up across the industry, not just within a closed environment. Customized benchmarking for better decisions One of the most important developments in cyber scoring is the ability to customize peer benchmarking. Not all comparisons are equally useful. A software business should not be measured against a manufacturing firm, nor a growth-stage company against a mature enterprise. Customized peer groups allow sponsors to benchmark portfolio companies against organizations that are genuinely comparable by size, sector, geography or operating model. This creates more relevant insight and supports better decision-making. Sponsors can identify which companies are performing strongly relative to peers, and which require targeted intervention to avoid becoming value-draining areas of elevated risk. Just as importantly, customized benchmarking allows PE firms to identify characteristics they want to emulate across the portfolio, using high-performing peers as reference points rather than theoretical best practice. From score to strategic tool When used correctly, a cyber score becomes far more than a compliance checkbox. It becomes a portfolio management tool that supports prioritization, reporting, and governance. Strong scores can be used to demonstrate maturity to LPs and buyers, while weaker areas are surfaced early enough to address without time pressure. In an environment where cyber scrutiny continues to intensify, knowing your portfolio’s cyber position is no longer optional. The firms that benefit most will be those that treat the cyber score not as a technical output, but as a strategic signal - one that creates clarity, confidence and control across the portfolio.

    The Drawbridge Cyber Score as a portfolio tool – from measurement to meaningful comparison

    By Eric Bernstein, CEO, Drawbridge  Cyber risk has become a defining factor in how private equity firms protect value, manage portfolios and demonstrate governance to investors. Yet for many PE sponsors, cyber oversight remains fragmented, reactive or difficult to scale across multiple portfolio companies. In this three-part series, we explore how portfolio-level cyber analytics are…

    Read more: The Drawbridge Cyber Score as a portfolio tool – from measurement to meaningful comparison
  • Two professionals walking down a curved indoor staircase

    Portfolio company analytics – why cyber oversight now defines value creation

    By Eric Bernstein, CEO, Drawbridge  Cyber risk has become a defining factor in how private equity firms protect value, manage portfolios and demonstrate governance to investors. Yet for many PE sponsors, cyber oversight remains fragmented, reactive or difficult to scale across multiple portfolio companies. In this three-part series, we explore how portfolio-level cyber analytics are…

    Read more: Portfolio company analytics – why cyber oversight now defines value creation

  • The Weakest Link Is Rarely Where You’re Looking: Third-Party Cyber Risk Under Reg S-P

    By Simon Eyre, Chief Information Security Officer, Drawbridge Why intelligence-led approaches are essential to meet rising threats, regulatory demands and investor expectations Alternative investment firms have strengthened internal cybersecurity significantly over the past decade. Controls are more mature, governance is better defined, and boards are more engaged. Yet many of the most disruptive incidents still…

    Read more: The Weakest Link Is Rarely Where You’re Looking: Third-Party Cyber Risk Under Reg S-P
  • Two professionals reviewing cybersecurity and operational risk documentation in a modern office

    Cyber Risk Intelligence: Turning Data into Resilience for Alternative Investments

    By Eric Bernstein, CEO, Drawbridge Why intelligence-led approaches are essential to meet rising threats, regulatory demands and investor expectations The alternative investment industry is entering a new era of scrutiny. Regulators, investors and counterparties are paying closer attention to how firms manage operational risk, and cybersecurity sits at the heart of that conversation. Threat actors…

    Read more: Cyber Risk Intelligence: Turning Data into Resilience for Alternative Investments
  • Professional reviewing cybersecurity risk metrics on a printed report, reflecting Drawbridge’s technology-driven approach to monitoring, assessing, and managing security risk for alternative investment firms.

    Cyber Security Scoring: A Smarter Way to Benchmark Risk

    By Art Murphy A few weeks ago, I sat down with a table full of C-level execs from private equity and hedge funds. The conversation went wide from SEC prep (of course) to cyber hygiene, and then someone mentioned an LP asking about their Drawbridge Score and the whole table paused. No one asked, “What’s that?” They…

    Read more: Cyber Security Scoring: A Smarter Way to Benchmark Risk
  • A business professional reviewing cybersecurity performance metrics on a tablet during a meeting, illustrating data-driven cyber resilience discussions within an investment firm.

    From Compliance to Confidence

    Cyber Resilience as a Strategic Advantage in Alternative Investments By Eric Bernstein, CEO, Drawbridge We continue to see the topic of cybersecurity move from the back office to the investment committee. What was once a compliance obligation is now a defining factor in investor trust and capital allocation. For alternative investment firms, cyber resilience has…

    Read more: From Compliance to Confidence
  • investment advisors

    SEC Cybersecurity

    Where do you stand, and what’s coming for investment advisors? What you should know For firms with assets over $1.5bn, the changes to Regulation S-P will take effect on December 3rd, 2025. In combination with the 2025 SEC Examination Priorities, there is work to be done to meet both the rule and guidance from the…

    Read more: SEC Cybersecurity
  • Padlock protected laptop

    Is AI the death of “Trust but Verify” Cybersecurity?

    Cyber security risk assessments take multiple staff members time to complete. Even once that time has been accounted for (usually with HR, Operations, IT and Legal involved) you still need someone to manage the results. You’ll often have remediation work for the IT team, remediation work for HR, and need someone to oversee those actions…

    Read more: Is AI the death of “Trust but Verify” Cybersecurity?