Data Room: Hack to the future

More LPs will demand cybersecurity risk assessments from their GPs in the next few years due to an increasing threat of attack, according to Coller Capital's Global Private Equity Barometer for summer 2017.

More than half (55 percent) of LPs will require GPs to undertake these assessments for their management companies within three to five years, up from 20 percent currently, the report says.

Data room July 2001 411

Click here to enlarge

An even greater surge in cybersecurity risk assessments is expected for portfolio companies. The survey of 110 private equity investors finds the number of LPs seeking these checks is set to reach 45 percent, despite only 9 percent requiring them currently.

This rise has been driven by fears the cybersecurity threat will increase dramatically, with 55 percent of LPs predicting serious attacks on their institutions within the next five years.

“If you're a reasonably small business it's very tough to get the protocols or processes in place, or the expenditure on the IT side, that might give you protection from cyber-attacks,” Michael Schad, head of investment management at Coller Capital, explains.

“You're equally likely to suffer a cyber-attack if you're a business of 100 people instead of 10.”

The concerns come despite just 5 percent of LP institutions having suffered a significant cybersecurity incident in the last five years.

Schad believes the threat could be dependent on how companies are set up operationally.

“If firms can demonstrate they have the right processes in place then that can be extended to cybersecurity. But if you fundamentally don't have the right processes in place on the operational side of the business that will be a challenge,” he adds.

“Just buying in security programmes will not address the cybersecurity issue because it's bigger than that.”

In June, Private Equity International asked five technology experts to discuss how private equity firms could defend themselves against cybersecurity threats. Suggestions included the use of investor portals to mitigate risk, and the introduction of regular cybersecurity training for staff.