CDK before BlackSuit: 90 signals on what $5.8B in acquisition debt looked like

Co-author here. We collected 90 public signals from employee reviews and social media describing the organizational impact of post-acquisition cost extraction at CDK in the year before the attack. The question we’re interested in is the following: does the PR ownership model inherently increase cyber risk? This is what we see based on the data, but we found little to no research on this topic. Has anyone seen credible academic or industry research on PE or LBO-style ownership as a cyber risk factor specifically? We could only find adjacent work (PE portfolio cyber surveys, PE healthcare studies) and would value pointers to anything we missed.