KKR builds out cyber-defence capabilities to ‘stay ahead of the game’

The firm has hired a head of cybersecurity in its value creation team, as it seeks to be on top of one of the biggest risks in the PE industry.

KKR is making a concerted focus on cybersecurity as the US financial regulator attempts to increase efforts to protect investors, advisers and companies against cyber threats and attacks.

The alternatives giant has hired a global cybersecurity lead in its digital value creation team. Paul Harragan, a former associate partner at EY-Parthenon who led its cybersecurity practice across Europe, joined the firm in March and will work closely with KKR’s internal cyber team.

He is based in London and is part of KKR Capstone, the firm’s 90-strong value creation team. Efforts to build out this area have been a long-term strategic priority for the firm, it is understood.

The move comes as KKR’s co-head of European private equity warned of big risks in the industry as it steps up cybersecurity efforts in the firm and its portfolio companies.

“You need to continue staying ahead of the game,” Mattia Caprioli, partner and co-head of European private equity at KKR, told Private Equity International in an interview at the firm’s London headquarters. “That’s a risk that we face as an industry and we need to be on top of it.”

Harragan will be a critical resource for the firm in deal diligence and in monitoring its portfolio companies, Caprioli said. He will be tasked to look at new techniques to make sure the firm’s companies have best in class firewalls and protection.

Harragan previously advised both private equity and corporates on cybersecurity strategy, risk and transformation. He has led cybersecurity diligence on deals with a combined equity value of over $50 billion across multiple industries globally, according to a KKR spokesperson.

KKR has raised more than €6 billion for KKR European Fund VI, according to sources cited in a Bloomberg report. The fund, which has not yet held a final close, has already surpassed the €5.8 billion raised for its 2018-vintage predecessor. Minnesota State Board of Investment and China Life Insurance are investors in the fund, PEI data shows.

A spokesperson for KKR declined to comment on the fundraise.

In February, the US Securities and Exchange Commission proposed a raft of cybersecurity risk management rules for private funds to double down its efforts to protect investors, advisers and companies against cyber threats and attacks.

“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC chair Gary Gensler said in a statement.

Last week, the SEC’s examination division, tasked with monitoring risks and ensuring investor protection, highlighted information security among its priorities in 2022, saying applying information security controls is “critical to business continuity”. The division will review whether firms have taken appropriate measures including safeguarding customer accounts; addressing malicious email activities, such as phishing or account
intrusions; and responding to incidents related to ransomware attacks, among others.

KKR over the years has backed cybersecurity companies including Tampa Bay-based KnowBe4; NETSPI, a Minneapolis-based provider of application and network security testing services; and Optiv Security, a Denver-based cybersecurity consultant.

Cybersecurity is on PE investors’ minds – more than two-thirds of respondents in Dechert’s 2022 Global Private Equity Outlook cite privacy and data security as among their many ESG concerns.

To access more KKR insights, analysis and data, click here