One of the hot-button issues in almost all industries is cybersecurity. It has become a central topic of debate between presidential candidates, and has generated its fair share of sound bites, with both candidates pushing it as an immediate and top priority. Private equity firms, perhaps more so than other industries, need to follow suit.
Data breaches at companies like Yahoo and Sony Pictures continue to make headlines. PE firms have begun taking steps in the right direction, but reactive steps to crises might not be enough.
Cyber risk is directly proportional to the value of data. PE firms either hold an abundance of valuable data directly or have indirect access to it. Examples include broader company financial information and inside trading information, and extend down to customer information like Social Security numbers, passport documentation, email addresses, and miscellaneous passwords.
The PE industry is riddled with considerations of low probability and extremely high consequence. Breaches can have catastrophic consequences that greatly devalue a company and scare off investors. PE firms must not only insulate the fund but also provide comprehensive cybersecurity strategies at the portfolio level. This is easier said than done: attackers are generally opportunists that’ll take anything and everything first and figure out how to monetize it later. Thus, one major obstacle is developing a practical strategy that essentially has to cover everything.
However, the best strategies sometimes still start with the simplest measure: everyone, from the top of the totem pole to the bottom, needs to be vigilant against an omnipresent threat. The first line of defense against cyber threats is situational awareness. This involves logging off of laptops, refraining from using public servers, applying secure authentication methods, backing up data, encrypting PII at rest and in transit, keeping track of data, and other rudimentary practices that decrease risk.
Private equity firms need to integrate comprehensive cybersecurity strategies into fundamental parts of a larger business plan. Whether by bringing in third-party expertise or using competent in-house personnel, firms need to conduct thorough risk assessments for both the fund and the portfolio. Risk assessments should be conducted periodically, and with greater frequency as the threat of cyber attacks looms larger. These strategies are proactive rather than reactive and ensure a firm’s due diligence in the unpredictable cyber world.
NES Financial welcomes your questions and opinions. Allow us to address your business needs by contacting us. We look forward to hearing from you!