The Survey Says... 53% - eSentire

Something Worth Stealing: Why Private Equity Firms Should Prioritize Cybersecurity

Private Equity International (PEI) recently conducted a survey of 100 international private equity firms to assess their cybersecurity hygiene and identify larger industry cyber trends.

Why are PE Firms Under Attack?

High-value Information: They store customer and market sensitive data that they cannot afford to expose in the event of a breach.

Low Tolerance for Risk: They are highly susceptible to outages that can cause significant business interruption or reputational risk.

They Don’t Think They’re a Target: They have not put enough focus on cybersecurity, with regulators focusing on higher-profile financial firms like hedge funds and banks.

Who Owns Cybersecurity?

Cybersecurity today is no longer just an IT issue or a compliance issue, but a firm-wide issue that requires complete buy-in from all partners and employees, regardless of their roles in the organization. When it comes to leadership, the report showed that most firms believe the CFO is in charge, but the COO and CTO are also taking ownership.

[Chart labels: CFO, CTO, 25% COO]

Biggest Cybersecurity Threats

[Chart labels: SSL encrypted threats, Brute force attacks, Infected mobile devices]

Cybersecurity Practices: What are PE Firms Doing Now?

DUE DILIGENCE:

[Infographic figures, in source order; their pairing with the statements below is not recoverable: Almost 83%, 76%, 50%, 4%, 48%, 56%, 23%]

of PE companies are not conducting a cybersecurity assessment as part of their due diligence when acquiring portfolio companies.

of the businesses surveyed allow their employees to use personal devices (mobile phones, laptops etc.) for work-related tasks.

of respondents do not issue any cybersecurity guidelines to staff around the use of different device types (mobile phones, laptops, etc.).

of respondents say they have a fully operational SEC-compliant cybersecurity program.

of PE companies have no standard processes for systems integration following a merger and acquisition.

Cybersecurity should form a fundamental part of the due diligence and selection of third parties. Agreements between funds and third parties should contain explicit mention of cybersecurity issues with clear steps outlined for mitigating risk as well as set out the compensation that will be owed in the event of a breach.

“No matter how much firms achieve through their deal-making capabilities, cyber weaknesses in the back office have the capacity to undermine even the most stellar reputations and undo years of hard-earned success.” ~ Dan Gunner, Director, Research & Analytics, PEI

The Survey Says...

Overall, the survey highlights three primary cybersecurity vulnerabilities that PE firms should consider.

1. The absence of current cybersecurity programs.
2. Unmonitored and unsecure devices.
3. A lack of requisite expertise among staff to develop effective cybersecurity protocols.

“Many small and mid-sized financial firms (wrongly) consider themselves too small to be of interest to cyber criminals and choose to ignore the threat, leaving them open to attack. Private equity firms are particularly vulnerable as most operate with small cybersecurity budgets and limited IT staff.” ~ Eldon Sprickerhoff, Founder & Chief Security Strategist, eSentire Inc.

Attitudes of PE Firms about Cybersecurity

Encouragingly, 46% of respondents recognize that having a robust cybersecurity program can be a competitive advantage for their business.

75% of survey respondents feel that cybersecurity is a relatively high risk to their business operations.

More than 50% of respondents think that regulatory compliance is of the highest importance to their businesses’ cybersecurity management.