Private equity firms cite cybersecurity as one of their biggest concerns, but how prepared are they for the worst to happen? Not very.
That’s the conclusion from a cybersecurity survey by our sister title Private Funds Management and IT firm eSentire which polled the industry to asked how ready firms were for a cyber-attack.
Two-thirds of respondents have only a partially implemented cybersecurity programme and just 23 percent have fully operational procedures that are compliant with US Security and Exchange Commission guidelines. That’s especially surprising given that 53 percent cited regulatory compliance on cybersecurity as most important to their firm.
Only a small percentage rate awareness training and continuous monitoring and reporting to be most important.
Even for those respondents with operational cybersecurity programmes, it is a relatively recent addition to the business – 43 percent have had it in place for between one and two years and only 23 percent for more than two years. Generally speaking, these programmes are not expected to be a permanent fix, with one-third of respondents expecting them to be obsolete within a year and a further 49 percent expecting to replace them within two years.
Firms are also failing to review their cybersecurity processes regularly. Only 7 percent review on a monthly basis, with the majority (57 percent) doing so annually.
One reason why firms have been lagging on cybersecurity may be the seeming indifference of investors. Nearly three-quarters of fund managers interviewed said their investors only occasionally commented on the topic or simply never mentioned it. This is perhaps why more than half – 54 percent – do not believe that having a robust cybersecurity programme will give them a strategic or competitive advantage in the marketplace over the next two years.
Despite the range of risks facing the industry, almost 79 percent do not possess cybersecurity insurance.
The survey polled nearly 100 fund managers in fields including the buyout, real estate and infrastructure sectors.
The full survey, Cybersecurity in Private Equity: How Prepared is The Industry?, is available from www.privatefundsmanagement.net/cybersecurity-in-private-equity/
A version of this article appeared in the June issue of Private Funds Management