IC memo — cyber risk

IC memo cyber risk section built from available diligence evidence — no scanner deployment, bounded financial estimate included.

Valty ingests the artifacts available at deal close — assessments, questionnaires, posture reports — and returns a bounded EBITDA exposure estimate with method visible, ready for the IC memo cyber section and the 100-day plan.

Design partner | Public / indexed
IC memo | Target deliverable

Cyber risk section of the IC memo with bounded financial exposure, gap summary, and 100-day plan path — packaged at deal speed.

Available | Evidence standard

Valty ingests the evidence available at deal time — no scanner deployment or company cooperation required to produce a first-pass exposure estimate.

Illustrative | Estimate discipline

All financial figures carry method, confidence range, and the specific assumption gaps that would tighten the band with additional diligence.

Deal team question

What is the cyber risk section of the IC memo, and how defensible is the financial figure?

IC memos require a bounded cyber-risk estimate with method visible — not a qualitative summary that the investment committee cannot price and a legal team cannot review.

Operating partner question

Which findings matter at this business scale, and what does a 100-day fix plan look like?

Post-IC the operating partner needs a ranked action list tied to the exposure estimate — so the first 100 days move on value, not on assessment volume.

Proof standard

What evidence supports the exposure figure if a co-investor or LP asks during the IC?

IC-quality claims need a source log — which artifacts were reviewed, what their freshness was, and what assumptions the model used to fill gaps where evidence was unavailable.

EBITDA Bridge: Financial exposure with method, confidence band, and assumption drivers visible — before the IC meeting or board ask.

IC memo cyber section

Financial exposure at deal speed — built from evidence, not from benchmarks.

The EBITDA bridge is the financial anchor of the IC cyber section. It converts the evidence available at deal time into a bounded exposure estimate — and surfaces the assumption gaps that would tighten the range if additional diligence were scoped into the 100-day plan.

  • Exposure estimate: P10 / base / P90 with method and confidence
  • Top three findings by EBITDA materiality, not by severity score
  • Assumption gap log: what evidence is missing and what it costs the estimate
  • 100-day action path: ranked by exposure delta and evidence required to prove closure
  • IC export format: claim state, evidence source, and freshness per finding

Estimates are decision-support models bounded by available diligence evidence. They are not actuarial opinions, FAIR-certified quantifications, or legal risk assessments. The confidence band widens when evidence is limited and narrows when source connectors are live.

Ingest

Diligence artifact ingestion

Available diligence artifacts enter the evidence pipeline

Pen test reports, vendor assessments, questionnaire responses, public breach filings, and cloud posture snapshots are normalized into typed evidence objects — no new scanner deployment needed.

Gap

Assumption log with gap impact

Evidence gaps are surfaced with assumption impact

Where evidence is missing, the model surfaces the assumption used to fill the gap and how much that assumption widens the confidence band — so the IC can see exactly what additional diligence would tighten.

Estimate

FAIR-inspired model, labeled as decision-support

EBITDA exposure arrives with P10 / base / P90

The exposure estimate is bounded by revenue, EBITDA margin, and the evidence available at deal time. Method, confidence, and assumption drivers appear adjacent to the number.

Memo

Publication-gated IC export

IC memo section is export-ready with claim state

The IC memo cyber section shows the exposure range, top three findings by materiality, assumption gap list, and the 100-day remediation path — with each claim labeled by evidence state.

Proof matrix

IC cyber memo claims and their evidence requirements

Each claim in the IC cyber section needs a source, a confidence label, and a freshness date. The matrix shows what can be stated at deal time versus what requires additional diligence to support.

| Claim | Source | Confidence | Freshness |
|---|---|---|---|
| EBITDA exposure estimate (IC section) | FAIR-inspired model from available diligence artifacts | Decision-support — bounded by evidence scope at deal time | Point-in-time at ingestion; recalculated on new evidence |
| Material finding by EBITDA delta | Pen test, assessment, questionnaire, or posture report ingestion | Source-linked, freshness-tracked, ranked by financial materiality | Tied to artifact collection date; stale artifacts flagged |
| Evidence gap with assumption impact | Missing coverage detected against evidence object schema | Factual gap — not an inferred risk opinion | Updated on each additional artifact ingest |
| 100-day action priority | Action queue ranked by EBITDA delta and evidence-to-close state | Model-based — dependent on exposure estimate confidence | Updated when action queue or evidence changes post-close |
| Blocked IC claim (insufficient evidence) | No available artifact or expired assessment | Not publishable — flagged as additional diligence required | Requires new evidence artifact before claim is re-instated |

Start the IC cyber section with available evidence — not a blank template.

Valty ingests what exists at deal time and returns a bounded exposure estimate with method and assumption gaps visible. The IC memo section and 100-day plan are workflow outputs, not manual builds.

Valty is in design-partner and early-access stage. All financial figures are illustrative decision-support estimates with method, confidence, and limitation stated adjacent to the claim. No fabricated customers, no published pricing.