Insight

How should investment firms (including Venture Capital and Private Equity) manage geopolitical and cyber risk in their portfolio?

Strategic Context

1. Attacks by well-resourced threat actors (nation-states and cybercriminals) are on the rise and rapidly evolving: High-growth firms are targeted for their IP in strategic technologies, role in the digital supply chain, and market position. An early loss of critical IP can leave a company dead in the water.

2. A cyber event can have significant impact to investment performance and require a change in exit strategy: The SolarWinds attack resulted in an immediate 40% drop in value and significant litigation expenses.

3. Board members have been increasingly put to task for their role and responsibility for cybersecurity, including becoming the target of litigation following cybersecurity incidents: The SEC is considering additional rules for board oversight of cybersecurity risk for public companies.

Geopolitical-Cyber Risk Factors

1. Portfolio companies working on critical and emerging technologies (see list here) are in the geopolitical bullseye for targeting (no firm is too small to warrant even a nation-state’s attention if their IP, products, military/critical infrastructure customers, or talent are strategically important).

2. National security, AI risk, and data privacy concerns are motivating increasingly stringent policy regulations, export controls, and investment screening policies that will impact portco operations and investment firm growth strategies, requiring changes in IT infrastructures and portco security postures.

KSG Solution Approach: Integrate geopolitical-cyber risk intelligence, business strategy, and technology security considerations given portfolio composition.

1. Develop Strategic Threat Models: Prioritize risks to portco value chains given the threat landscape, third-party/supply chain, and shared customer exposure.

2. Perform Capability Assessments: Ensure business objectives align with the security program and existing technical controls, given the threat model.

3. Mitigate Risk and Strengthen Resilience: Recommend tactical control improvements and strategic security posture changes with business justification for leadership.

4. Establish Cyber Risk Management Programs: Integrate continuous geopolitical-cyber risk management into risk governance frameworks, diligence activities, training & exercises, security vendor selection, and strategic investment decision-making.

For more information or assistance on these issues, please reach out to intel@ks.group.

Forwarded this ExecBrief by a friend? Click below to sign up for our weekly dispatch.

Global Scan

Geopolitics

1. Oil and Gas Giants Diversifying into Lithium: Major global firms like ExxonMobil, Occidental Petroleum, and Equinor are exploring whether their extraction know-how could be deployed to process lithium.

2. Vietnam’s Tech Manufacturing Boom Goes Bust: The country had been a hotbed of electronics production last year, but as appetites for gadgets cools, around 45,000 jobs are now being cut. Experts don’t expect a quick recovery.

Cybersecurity

1. Hackers Claim to Offline Russian Satellite Comms Provider: Amid infighting between the Russian armed forces and the Wagner private military group, Dozor-Teleport—which serves several of the country’s energy, defense, and security services—was knocked offline. Analysts vary on whether Wagner affiliates or Ukrainian entities are behind the attack, which bears similarity to the Viasat hack from early 2022.

2. Canada’s Suncor Suffers Major Cyber Incident: Analysts call the breach the most significant against an oil and gas company in Canadian history, disabling point-of-purchase transactions for consumers across the country.

3. Massive Hack-and-Leak Hits Iranian Government: A group likely affiliated with the Iranian exile group MEK leaked hundreds of highly sensitive official documents in “one of the worst cases that has been publicly discussed” to hit Tehran. The leak comes amid reports of US-Iranian talks regarding Iran’s nuclear program.

Strategic and Emerging Technology

1. LG Kicks Off Colossal Ramp-Up of Battery Production: The company is set to produce nearly 280 gigawatt-hours per year from factories across the United States, enhancing its capacity in the country by orders of magnitude through 2027.

2. Space Industry Saw Rapid Growth Since 2012: Among the statistics released by the US Commerce Department: the space economy accounted for $212 billion in the country’s gross output in 2021, as well as 360,000 jobs.

3. Japan State-Backed Fund Buys Leading Chipmaker: Investors called JSR’s acceptance of the $6.4 billion buyout offer a “stunning” act of government intervention into the country’s semiconductor industry.

Policy/Regulation

1. New Chinese Anti-Espionage Law Comes into Effect: The vaguely worded legislation grants law-enforcement bodies sweeping new powers and creates new uncertainty amid already tense geopolitical atmosphere between China and the West.

2. Biden Administration Considering New Curbs on Semiconductors: Under the new restrictions, chips from Nvidia, Micron, and AMD could be banned from export to China as early as next month. Washington is concerned Beijing could use the tech to gain an edge in artificial intelligence.

Bookmarks

1. Tech Policy Press: Exploring Global Governance of Artificial Intelligence