Study: Private equity firms failing to identify cyber risks


Majority of private equity firms in the UK do not carry out sufficient assessments of cyber risks at their target companies, a new study has uncovered.


The findings show that just 23 per cent of private equity professionals believe that due diligence carried out on cyber security issues at target companies is good or excellent.


A significant 30 per cent described the industry’s work in this area as average, while 27 per cent said that it was poor or terrible.


According to The Actuary, governance experts Mactavish, which carried out the research, said private equity firms face cyber risks at their own business, through transactional work, and at portfolio companies.


“It’s imperative that private equity firms and their portfolio companies have robust insurance in place,” said Mactavish director of client services, Liam Fitzpatrick.


“Cyber risks are a growing threat to all organisations, but private equity firms are unique in that they can be left particularly exposed in three distinct but interrelated areas.”


Despite the industry’s failings, it was found that 83 per cent  of private equity professionals expect a cyber insurance requirement for portfolio companies within three years.


When it comes to private equity firms buying insurance for their own operations, 53 per cent of the respondents said they believe the industry is focusing more on this issue.


And when asked what the main obstacles are to private equity firms securing insurance, 27 per cent said cover is too expensive when compared to the risks they face in this area.


The same proportion said cyber risk exposure is not serious enough to require insurance, while 13 per cent of those interviewed said it’s difficult to find the desired cover.


Mactavish warned that the results are consistent with views expressed by the wider business community, with many companies finding it hard to find appropriate insurance.


“This is easier said than done as many off-the-shelf cyber policies are not up to the job and may not meet the requirements of a complex business like a private equity firm,” Fitzpatrick added.


Related posts

Leave a Comment