Friday Letter: Cyberattack on ATV a wake-up call for venture

With the firm Advanced Technology Ventures getting hit by a cyberattack in July, a light is being shown on how vulnerable the venture community is.

This is the classic case in which a cobbler’s children have no shoes.

News broke middle of this week that venture firm Advanced Technology Ventures, with offices in Boston and Menlo Park, was hit by a ransomware attack on July 9 that resulted in the theft of personal information relating to its limited partners. The stolen information includes names, emails, phone numbers and Social Security numbers of individual investors in its funds.

An estimated 300 investors were impacted by the incident, although the firm noted that there is no known incident of any fraud or misuse of information as a result of the cyber-hack.

The firm disclosed the attack in a letter sent to the Maine Attorney General’s Office. (TechCrunch wrote about it here.)

We’ve heard of cyberattacks on other financial institutions, e-commerce sites, healthcare organizations, utilities and corporations.

But seeing cyber-criminals hack a venture fund is noteworthy for a few reasons.

Many venture firms, especially the smaller firms, as well as the emerging managers, go to great lengths to protect the identity of their LPs from public scrutiny. And many of the LPs, beyond the pensions and other public-facing investors, are an assortment of high-net-worth individuals, family offices and sovereign wealth funds who value their privacy. Having their financial and personal information disclosed by a hack should send shivers down most of their spines.

And that’s not to mention the breach to other portfolio company information that may be housed on a venture firm’s server, such as intellectual property related to a start-up.

Firms are a target that just seem ripe for the picking.

And yet venture is no stranger to cybersecurity. Billions of venture dollars have flowed into cybersecurity companies. Less than six months into the year, cybersecurity start-ups raised $9.9 billion worldwide, or 96 percent of the total raised in all of last year, according to PitchBook.

Many firms have partners dedicated to cybersecurity and there are a host of dedicated cybersecurity investors, such as ForgePoint Capital, TenEleven Ventures, AllegisCyber Capital, SixThirty and NightDragon, to name a few.

Reading about the attack on ATV is no doubt a wake-up call for venture firms themselves to start employing cyber-protection for their own data, if they’re not already.

In the last couple of decades, firms have expanded their rosters, hiring marketing specialists, talent partners and data scientists.

An IT partner might be the next big trend for venture firms to not only protect themselves, but their LPs and their portfolios.

Let me know what you think. You can drop me a line at agoldfisher@buyoutsinsider.com.