Poor due diligence of cyber risks posed to PE portfolio companies, research shows

Only 23% of senior private equity professionals describe the due diligence that private equity firms carry out on cyber security issues of target companies as “good” or “excellent”, a new survey has revealed.

The research, which was commissioned by Mactavish, reveals that 30% of the private equity professionals interviewed describe the industry’s work here as “average”, and 27% of them said it was “poor” or “terrible”.

However, the findings suggest potential future improvements in this area, as 83% of respondents expect private equity firms to insist that their portfolio companies all have specific cyber insurance policies in place within the next three years.

When it comes to private equity firms buying cyber insurance for their own operations, 53% of industry professionals interviewed said they believe the industry is focusing more on this issue.

When asked what they think are the main obstacles to private equity firms securing appropriate cyber insurance, 27% said cover is too expensive when compared to the risks they face in this area.

The same proportion of respondents said they feel the cyber risk exposure the private equity sector faces is not serious enough to require insurance. 13% of those interviewed said it is because it is difficult to find the desired cover.

The results of this survey are not isolated to the private equity industry and are consistent with the views expressed by the wider business community in Mactavish’s ‘Cyber Risk & Insurance Report’.

Liam Fitzpatrick, Client Services Director at Mactavish, said: “Cyber risks are a major and growing threat to all organisations but private equity firms are unique in that they can be left particularly exposed in three distinct but interrelated areas: the private equity firm itself, their transactional work, and then the risks faced at the portfolio company level.

“It’s imperative that private equity firms and their portfolio companies have robust insurance in place. However, this is easier said than done as many off-the-shelf cyber policies are not up to the job and may not meet the requirements of a complex business like a private equity firm.”