Exclusive: PE firms largely unprepared against cyber-attacks

Nearly two-thirds of buyout shops expect they will be a target in 2016, a survey finds.

The higher publicity granted to cybercrime in the media has yet to translate into greater preparedness within a majority of private equity firms, according to an exclusive report put together by IT firm eSentire and sister publication pfm.

The survey, which analyses responses provided by nearly one hundred fund managers active in fields including the buyout, real estate and infrastructure space, finds cyber security threats to be pervasive across the industry.

More than half of respondents said they had experienced a cyber-attack in the past, while 61 percent said they expected to be in the crosshairs of hackers this year. Nearly three-quarters thought private equity represented as much or more of a target as other parts of government or the business world.

Yet 66 percent of respondents confessed having only a partially implemented cybersecurity programme; more than 10 percent said they had no plan in place or haven’t implemented it at all. That left only 23 percent saying they had a fully operational strategy compliant with SEC guidelines.

Over half of interviewees said it would take over a year to have their plans in place.

One reason why general partners seemed to have made only partial efforts to mitigate the risk, the survey suggested, was an apparent indifference on the part of limited partners to the matter: nearly three-quarters of fund managers interviewed said their investors only occasionally commented on the topic or simply never mentioned it.

This is perhaps why a majority didn’t think having a watertight cyber strategy would give them a competitive advantage in the marketplace over the next two years.

The survey’s findings come in the wake of headline-grabbing attacks on high-street companies such as retailers Target, IT maker Sony or telephony provider Talk Talk, the most successful of which have led to the leak of vast amount of personal customer data.

This has led security services and defence ministries around the world to worry that the physical and essential qualities of infrastructure assets are making them especially vulnerable to hacking, with countries from Ukraine to the US acknowledging attacks on crucial transport and energy facilities.