More LPs will demand cybersecurity risk assessments from their GPs in the next few years due to an increased threat of attack, according to a survey conducted by Coller Capital.
The firm’s Global Private Equity Barometer for summer 2017 found that 55 percent of LPs say they will require GPs to undertake these assessments for their management companies within three to five years, up from 20 percent currently.
An even greater surge in cybersecurity risk assessments is expected for portfolio companies. The survey of 110 private equity investors found the number of LPs seeking these checks is set to reach 45 percent, despite only 9 percent requiring them currently.
This rise has been driven by fears the cybersecurity threat will increase dramatically, with 55 percent of LPs predicting serious attacks on their institutions within the next five years.
“If you’re a reasonably small business it’s very tough to get the protocols or processes in place, or the expenditure on the IT side, that might give you protection from cyber-attacks,” Michael Schad, head of investment management at Coller Capital, told PEI.
“You’re equally likely to suffer a cyber-attack if you’re a business of 100 people instead of 10.”
The concerns come despite just 5 percent of LP institutions having suffered a significant cybersecurity incident in the last five years.
Schad suggested the threat could be dependent on how companies are set up operationally.
“If firms can demonstrate they have the right processes in place then that can be extended to cybersecurity, but if you fundamentally don’t have the right processes in place on the operational side of the business that will be a challenge,” he added.
“Just buying in security programmes will not address the cyber security issue because it’s bigger than that.”
Earlier this month, PEI gathered five technology experts to discuss issues such as how private equity firms could best defend themselves against cybersecurity threats.
Suggestions included the use of investor portals to mitigate risk, and the introduction of regular cybersecurity training for staff.