The following resources are being made available to all CEOs and board members within the search fund ecosystem. You are free to customize and share these resources with others.
We strongly recommend that all CEOs, boards, and related stakeholders take a more active, consistent approach to cybersecurity both now and going forward. Attacks are escalating in both frequency and severity, and many of these attacks can be prevented with basic security policies and procedures in place.
Six Steps to Basic Cybersecurity Readiness
Here are six steps you can take today to start your journey to Cybersecurity Readiness.
- Appoint a cybersecurity compliance leader. Typically a COO, CFO, or CTO is recommended, and it should not be the CEO. Note: You should have an internal leader even if you use a vendor to manage most of your cybersecurity day to day.
- Establish a known good baseline. Use the Quickstart Assessment to get started.
- Establish applicable policies and procedures. If you are in a regulated industry or are subject to compliance regimes such as HIPAA or PCI, a more comprehensive policy framework is required. We recommend using the templates provided by SANS if you do not have policies in place.
- Review, test and update your policies and procedures regularly (at least once per year, preferably quarterly) as well as any time there is a significant change to your network or infrastructure.
- Establish regular training programs for all team members, and communicate cybersecurity initiatives, issues and threats regularly with your team via monthly all-hands or your current methods for sharing company information. Companies have had success establishing a Slack or Teams channel dedicated to cyber threat information.
- Add cybersecurity to your board meeting agenda going forward and ensure that you and your board are aligned on the importance of preparing your company to address this ongoing threat.
Links to preferred vendors for endpoint protection solutions, training and other items can be found in the Quickstart Assessment.
Key Resources to Help You On Your Journey
- Recommended Partners
- Horn IT works with many search fund companies on cybersecurity and compliance projects and is a trusted partner of Pacific Lake. Contact Horn IT directly to schedule your free assessment.
- Turnpoint Technology is a trusted partner of Trilogy Search Partners. You can read about Aaron Marks from Turnpoint here and schedule an initial conversation here.
- CoreTelligent is a trusted partner of Pacific Lake. CoreTelligent will conduct an initial assessment at no charge to help you plot the path forward. Contact Jason Rossi at [email protected]
- Cybersecurity insurance from Epic Brokers. Contact Jeff Roblin ([email protected]) for your free cybersecurity policy review or to discuss your policy needs.
- Monthly Cybersecurity Briefing – On the 3rd Wednesday of every month at 1 p.m. ET, we cover current threats, a topic from the NIST Cybersecurity Framework, and live Q&A. This briefing is open to anyone on your team who is interested in joining. Register by filling out this form. Previous briefings can be viewed here.
- CISA Alerts – Free alert newsletter provided by the US government.
- Cyber Insurance Top 10 List – a list of network security controls that cyber underwriters expect to see, created by Epic Insurance
- Cybersecurity Hygiene Checklist – use this checklist to track compliance with critical cybersecurity activities throughout the year
If you have any questions, comments or suggestions related to the resources provided here, please email us at [email protected]
Frequently Asked Questions
“Our company doesn’t really store any sensitive data that an attacker would care about. Are we still a target?”
- YES! Attackers will look not only to steal sensitive data but also to lock up critical machines and systems via a ransomware attack. All companies are susceptible to attack.
“I don’t have any idea if we’re in good shape or bad shape right now. How do I get started?”
- Download the Quickstart Assessment above and complete it with help from your team and/or IT provider.
- Request a free assessment from one of our recommended providers.
“I don’t have an internal IT staff. Are there providers you’d recommend that I work with?”
- See the Key Resources section above for our list of recommended providers.
“How much does it cost to get current and protect my company?”
- The overall budget for a search fund company is typically $40-60K per year, not including employee costs.
- Software companies will have additional costs related to code security scanning, application vulnerability testing, and application infrastructure monitoring.
“My board doesn’t want me to prioritize spending time or money on making sure we’re protected. How do I convince them it’s worth it?”
- There is no greater near-term existential threat to your business than a cyber attack that you are not prepared for. It is not uncommon for businesses to be offline for a week or more, or to have to pay six- or seven-figure ransoms.