The industry expert says new research on how private equity firms view their risk exposure is consistent with its wider study on business cyber insurance
Private equity firms are increasingly likely to expect all of the portfolio of companies they invest in to have a dedicated cyber insurance policy, according to research from Mactavish.
The insurance governance consultancy surveyed 30 senior executives at private equity companies and found 83% believe cyber insurance will become a necessary precaution expected by investors within three years.
It also found 23% of respondents thought the due diligence carried out by private equity firms on the cyber security of companies in their portfolio was “good” or “excellent” — while 30% said it was “average” and 27% claimed it was “poor” or “terrible”.
Mactavish client services director Liam Fitzpatrick said: “Cyber risks are a major and growing threat to all organisations, but private equity firms are unique in that they can be left particularly exposed in three distinct but interrelated areas: The private equity firm itself, their transactional work, and then the risks faced at the portfolio company level.
“It’s imperative that private equity firms and their portfolio companies have robust insurance in place, however this is easier said than done, as many off-the-shelf cyber policies are not up to the job and may not meet the requirements of a complex business like a private equity firm.”
Mactavish claimed the results of the survey were not isolated to the private equity industry, but are consistent with the views expressed by the wider business community in its 2018 Cyber Risk & Insurance Report.
What cyber risks do private equity firms face?
In-house cyber risk
Private equity firms face the same immediate cyber risk as any other company, in that they could be targeted by a malicious actor through a cyber attack.
In its 2018 Cyber Risk & Insurance Report, Mactavish found in a survey of 700 senior managers in the UK, that 43% of their employers had suffered a cyber attack in the past two years — yet one in five felt their employer was “very well prepared” for attacks.
In its survey of senior private equity executives, the consultancy found 53% felt the industry as a whole was focusing more on the issue of cyber security.
Despite this, 27% said cost was a barrier to obtaining cyber insurance and that the expense outweighed the level of risk they were exposed to.
A further 27% felt the cyber risk exposure the private equity sector faces is not serious enough to require insurance — and 13% said it was difficult to source the right level of cover.
Investment target cyber risk
The cyber risk of private equity firms extends to the companies they target for investment or acquisition as part of their portfolio.
Cyber attacks can have a significant impact on the valuation of a business, which has a knock-on effect on the value of investments in it, potentially bringing down the value of a private equity firm’s portfolio.
This is why many feel it’s likely cyber insurance coverage — which can allow companies to bounce back faster from an attack — will become a necessity if companies are to attract investors.
The investment business within a private equity firm involves funding early-stage start-ups, company expansions or restructures, and sometimes the outright purchase of businesses using a mix of cash and financial assets.
All of these transaction types carry risk beyond the success or failure of the investment, and several insurance types mitigate it.
Representations and warranties insurance adds a layer of protection for both the buyer and seller of equity in an investment deal — ensuring that buyers can be compensated if sellers renege on the agreed parameters of the deal.
Another layer of insurance can be purchased in case a transaction results in the private equity firm incurring a tax penalty through purchasing part or all of a business, especially in a country where they’re not familiar with tax regulations.
This type of cover allows businesses to pay a premium and ensure the bill and associated legal fees are covered in the event they are penalised — even years later.
Other kinds of insurance can be purchased to cover exposures ranging from legal action taking place after a transaction, costs related to environmental issues caused by a business, and employment disputes.