The findings of a new global report from Kroll, which reveals that cyberattacks cause significant value destruction across the private equity lifecycle and are increasing in frequency, should resonate with funds industry leaders in the Channel Islands according to the firm’s Managing Director.
The report, ‘Cyber Risk at scale: Safeguarding portfolio value in private equity‘ surveyed more than 300 global private equity executives to understand cybersecurity risk and fund-level management practices.
It found that, on average, firms suffered $2.1 million in financial impact per cybersecurity incident, with a 53% chance that a private equity firm will lose more than $500,000 and a 13% chance that financial impact will exceed $5 million. It also highlighted that 94% of firms suffered some financial impact due to cybersecurity risk, including reduced valuation or exit price due to cyber incidents, or increased ongoing compliance or cybersecurity training.
In terms of frequency, the report found that 80% of private equity firms experienced disruption due to cyberattacks during the period, nearly a third (27%) of which suffered outright business disruption or downtime.
The research also identified a clear divide in cyber risk management approaches between larger firms (>$25 billion AUM) and smaller firms (<$25 billion AUM), with 81% of larger firms reporting that cybersecurity due diligence is a standard part of the transaction diligence process, compared to 29% of smaller firms who said the same.
Looking ahead, 96% of private equity firms surveyed expect the importance of portfolio cybersecurity to increase over the next 12 months, with over half (53%) believing the financial impact of cyberattacks will grow in the coming year.
Commenting on the report and its relevance to the private equity industry in Jersey and Guernsey, Ed Shorrock, Managing Director said: “Cybersecurity has evolved into a material transaction risk, becoming a direct threat to deal flow and valuation in private equity – and as jurisdictions that play a key role in the cross-border private equity landscape, these findings should resonate loud and clear in Jersey and Guernsey.
“The report shows that the average financial impact of a cyber security incident is $2.1 million, but that’s just the tip of the iceberg. The real cost emerges in regulatory investigations, deal timeline delays and continuation vehicles triggered by post-incident governance gaps. As such, those in the private equity ecosystem across the Channel Islands must ensure that they monitor and challenge assumptions, including compliance, reputation and defence across their entire security perimeter.”
Related
