When cybersecurity is mission-critical
European regulators had forced a financial services firm to carve out its payments processing business. Two private equity firms purchased a majority share of the business and set out to transform it into a stand-alone fintech company. The PE owners hired executives and advisors to build out key functions for the company, including the HR and IT departments, and a basic back office.
The carve-out was completed in 2010—in legal terms, at least, but there was much work to do on the operational front. In particular, the new business needed to address cybersecurity—clearly a mission-critical priority for any payments processing enterprise. The carved-out company had a legacy IT system that it inherited from its former parent company and numerous other platforms through acquisition. They needed outside help to assess the robustness of the company’s cybersecurity measures, so they called AlixPartners.
A new plan helps build a solid cybersecurity foundation
The ultimate goal was to get everyone in the company thinking about security the right way. Our team began its job by auditing the company’s cybersecurity measures to determine its vulnerability to common traps, like porous firewalls or weak security around servers and data centers. We assessed the company’s cybersecurity maturity on technical as well as managerial and governance criteria. We then quantified the business risks these cybersecurity gaps presented—such as damage to the company’s reputation, loss of customers, and wasted investment for the PE owners.
Drawing on our findings, we built a remediation plan that would help the company build a stable cybersecurity foundation. We also defined a process that the company could use to assess potential M&A deals, and to integrate any businesses it may acquire in the future into its cybersecurity architecture.
It was also critical to help executives learn how to more effectively anticipate and prevent security problems. To improve cybersecurity knowledge across the company, we helped to set up a security advisory board, which comprised c-suite executives and several external advisors. The group met monthly to discuss cybersecurity issues and reported directly to the CEO.
When it really matters
Cybersecurity is fundamental to a payments company. AlixPartners helped define and resolve the key risks, then establish a more proactive program for cybersecurity governance. Our team did this using experienced security professionals in very small numbers to achieve results quickly—positioning this company to grow sustainably and securely into the future.