complete buy-in from all partners and employees, regardless of their roles in ... devices (mobile phones, laptops etc.)
Something Worth Stealing: Why Private Equity Firms Should Prioritize Cybersecurity Why are PE Firms Under Attack?
Private Equity International (PEI) recently conducted a survey of 100 international private equity firms to assess their cybersecurity hygiene and identify larger industry cyber trends.
Biggest Cybersecurity Threats
Who Owns Cybersecurity? Cybersecurity today is no longer just an IT issue or a compliance issue, but a firm-wide issue that requires complete buy-in from all partners and employees, regardless of their roles in the organization. When it comes to leadership, the report showed that most firms believe the CFO is in charge, but the COO and CTO are also taking ownership.
SSL encrypted threats
High-value Information They store customer and market sensitive data that they cannot afford to expose in the event of a breach.
Low Tolerance for Risk They are highly susceptible to outages that can cause significant business interruption or reputational risk.
They Don’t Think They’re a Target They have not put enough focus on cybersecurity, with regulators focusing on higher-profile financial firms like hedge funds and banks.
Almost
83%
CFO
of PE companies are not conducting a cybersecurity assessment as part of their due diligence when acquiring portfolio companies.
CTO
25% COO
Brute force attacks
Cybersecurity Practices: What are PE Firms Doing Now?
DUE DILIGENCE:
76%
50%
Infected mobile devices
4%
48%
56%
23%
of the businesses surveyed allow their employees to use personal devices (mobile phones, laptops etc.) for work-related tasks.
of respondents do not issue any cybersecurity guidelines to staff around the use of different device types (mobile phones, laptops, etc.).
of respondents say they have a fully operational SEC-compliant cybersecurity program.
of PE companies have no standard processes for systems integration following a merger and acquisition.
Cybersecurity should form a fundamental part of the due diligence and selection of third parties. Agreements between funds and third parties should contain explicit mention of cybersecurity issues with clear steps outlined for mitigating risk as well as set out the compensation that will be owed in the event of a breach.
No matter how much firms achieve through their deal-making capabilities, cyber weaknesses in the back office have the capacity to undermine even the most stellar reputations and undo years of hard-earned success.’’ ~Dan Gunner, Director, Research & Analytics PEI
The Survey Says... Overall, the survey highlights three primary cybersecurity vulnerabilities that PE firms should consider.
Many small and mid-sized financial firms (wrongly) consider themselves too small to be of interest to cyber criminals and choose to ignore the threat, leaving them open to attack. Private equity firms are particularly vulnerable as most operate with small cybersecurity budgets and limited IT staff.” ~ Eldon Sprickerhoff, Founder & Chief Security Strategist, eSentire Inc.
Attitudes of PE Firms about Cybersecurity Encouragingly, 46% of respondents recognize that having a robust cybersecurity program can be a competitive advantage for their business.
1
75% of survey respondents feel that cybersecurity is a relatively high risk to their business operations.
More than 50% of respondents think that regulatory compliance is of the highest importance to their businesses’ cybersecurity management.
The absence of current cybersecurity programs.
2
Unmonitored and unsecure devices.
3
A lack of requisite expertise among staff to develop effective cybersecurity protocols.
More than
53%
of respondents confirm their business has already experienced a cyber-attack.
We Can Help eSentire Managed Detection and Response™ keeps organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Our 24x7 team of elite security analysts handle everything from forensic investigation to incident response, so you can focus on your clients – not on cybersecurity. Learn more at www.eSentire.com or contact us to see how eSentire Managed Detection and Response can help protect your firm from threats.
