
Scaling responsibly in the age of AI: why portfolio cyber governance matters more than ever

Last week, I had the pleasure of joining the Cyber Governance for Boards (CxB) community to speak about a challenge every high-growth organisation is facing, whether they realise it or not: the cyber exposure that comes with scale. My thanks to CxB and fellow speaker Sarah Chilcott of hgkc for bringing together such a thoughtful group of non-executive directors committed to improving governance across the ecosystem.


As I discussed during the session, growth and risk expand in parallel. High velocity scaling creates new systems, new integrations, new people, and new data — all at a pace that rarely allows security to keep up. The result is predictable: growth increases exposure, and attackers know it.


Scaling companies face increased and accelerating risk

Fast-growing businesses often focus on launching new products and services, acquiring customers, and building partnerships. But this speed introduces vulnerabilities: rapid system development without security, inexperienced teams stretched thin, increasing third-party dependencies, and accumulating technical debt. These are precisely the areas we explored in the webinar.


In today’s environment, the risk is amplified further by AI implementation. Boards are rightly encouraging AI adoption to unlock efficiency and competitive advantage — yet seldom pressure test whether data quality, model integrity, or underlying systems are secure. The opportunity is huge, and the threat is already here: compromised training data, unintended data leakage, model manipulation, and AI‑enabled attacks are now live issues across the market.


Oversight of portfolio companies has never been more important

For investors, governance can’t stop at the fund level. With regulators, insurers, and customers demanding more assurance, LPs are now asking how portfolio companies are managing cyber risk — and what the GP is doing to govern and support them. Boards must be clear, confident, and credible when reporting exposure, actions, and improvements.

A consistent, risk-assessed approach to portfolio oversight is no longer optional. It’s becoming a key driver of investor confidence and enterprise value.


Supporting companies to scale responsibly

High-growth companies don’t always need heavyweight frameworks; they need proportionate, pragmatic and commercially sensible support. This means:


• performing threat and risk assessments to identify true "crown jewels"

• prioritising protections based on business impact

• ringfencing capital for resilience

• ensuring reporting is simple, honest, and focused on value protection

• embedding resilience into the culture and operating model from the top down


Good governance isn’t about slowing growth — it’s about enabling scale without compromising trust.


Proportionate, risk-assessed portfolio cyber governance is critical

Different companies within a portfolio face different risks. While some baseline portfolio-wide analysis is helpful, a one-size-fits-all compliance checklist isn’t, and it will often get ignored. Instead, investors need a portfolio-wide governance strategy that:


• recognises varying maturity levels

• provides shared tools and expertise

• supports management teams to make informed decisions

• escalates the level of oversight for the highest risk assets

• increases confidence ahead of future funding rounds or exit


Done well, this approach improves day‑to‑day operating discipline across the portfolio and reduces unpleasant surprises for both boards and investors.


How Strarc supports boards and portfolio cyber governance

At Strarc, we partner with private equity funds, their portfolio company boards and management teams to:


• define a portfolio cyber governance strategy tailored to equity position, level of influence and the realities of a fast‑moving growth plan

• implement a risk-based assurance and oversight programme

• support companies with maturity assessments, independent assurance, and cyber incident exercising

• help select and procure the right technical controls through established vendor relationships

• guide responsible implementation of AI systems with security, ethics and data protection in mind

• help management teams communicate confidently with boards and investors


Ultimately, the goal is simple: minimise risk, protect value, and strengthen exit readiness. A mature approach to cyber resilience has a direct correlation with buyer confidence and valuation — particularly in markets where acquirers place heavy emphasis on operational integrity.


Closing thoughts

As I shared during the webinar, cyber resilience has moved beyond a narrow ‘IT issue’. For growth‑oriented boards, it has become a board‑level lever for scale, investor trust, and long‑term value creation. Strategic oversight from investors — paired with pragmatic support for management teams — is essential for companies to scale responsibly in the age of AI.


My sincere thanks again to CxB and all participants for such an engaging session. I look forward to continuing the conversation and helping more investment-backed companies build resilience as a core driver of growth.


If you sit on the board of a PE-backed business or are a value creation operator with broader portfolio responsibilities and would like a simple view of cyber and AI risk across the company or wider portfolio, we can offer a concise governance health‑check.


If you're interested in discussing portfolio governance, running a tailored assessment, or exploring how a structured programme can support valuation and exit readiness, please feel free to reach out.


About the author

Dee Parekh is Founder and Operating Partner at Strarc. He has over 20 years of hands-on technology and cyber security leadership experience, latterly running internal and portfolio cyber governance for the UK's largest growth capital investor – BGF. You can contact Dee on LinkedIn or through www.strarc.com.

 
 