[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Private equity firms failing to identify cyber risks

The majority of private equity firms in the UK do not carry out sufficient assessments of cyber risks at their target companies, a new study has uncovered.

Private equity firms face multiple cyber risks ©iStock
Private equity firms face multiple cyber risks ©iStock

The findings show that just 23% of private equity professionals believe that due diligence carried out on cyber security issues at target companies is “good” or “excellent”.

A significant 30% described the industry’s work in this area as “average”, while 27% said that it was “poor” or “terrible”.

Governance experts Mactavish, which carried out the research, said private equity firms face cyber risks at their own business, through transactional work, and at portfolio companies.

“It’s imperative that private equity firms and their portfolio companies have robust insurance in place,” said Mactavish director of client services, Liam Fitzpatrick.

“Cyber risks are a growing threat to all organisations, but private equity firms are unique in that they can be left particularly exposed in three distinct but interrelated areas.”

Despite the industry’s failings, it was found that 83% of private equity professionals expect a cyber insurance requirement for portfolio companies within three years.

When it comes to private equity firms buying insurance for their own operations, 53% of the respondents said they believe the industry is focusing more on this issue.

And when asked what the main obstacles are to private equity firms securing insurance, 27% said cover is too expensive when compared to the risks they face in this area. 

The same proportion said cyber risk exposure is not serious enough to require insurance, while 13% of those interviewed said it’s difficult to find the desired cover.

Mactavish warned that the results are consistent with views expressed by the wider business community, with many companies finding it hard to find appropriate insurance.

“This is easier said than done as many off-the-shelf cyber policies are not up to the job and may not meet the requirements of a complex business like a private equity firm,” Fitzpatrick added.

Sign up to our free newsletter here and receive a weekly roundup of news concerning the actuarial profession