Cyber attacks can and do touch on every industry and country in the world. There are obviously some organisations that are more tempting targets than others, based on the potential value to the hacker and/or the defenses that the targets put up.
Private equity can be a tempting target, and one this is increasingly coming into sophisticated attackers' sights. They may not be a natural target, but considering the scale and scope of information that passes through them, the windfall from any attack could be great.
Regardless of the sophistication of an attack, the first step, of course, is to get the basics right – from software patch updates all the way through to training. Firms are not doing everything they can to prevent breaches or implement the much needed cultural changes necessary to aid their cause. A burglar alarm alone will not prevent a break-in, and firms are continuously leaving doors open when it comes to protecting their data.
To rectify this, businesses need to focus on two areas: people and process. Engage with employees on the threats, so they are better prepared, more aware and know the correct processes to follow if something is suspicious or goes wrong. Everyone needs to know their role and responsibilities to help resolve the situation. It’s also important to stress this knowledge shouldn’t differ by seniority. Every employee from the CEO through to administrators or receptionists should be wary of the threats and not be afraid to seek help.
Equally, PE firms need to be conscious of the impact a cyber attack could have to the value of its portfolio should one of their portfolio companies be subject to an attack. They need to ensure that they keep a close eye on how these risks are managed within their portfolio, as bad decisions can have a disproportionate affect.
It is essential therefore that PE firms turn the lens on both themselves and their portfolio companies to ensure that they are taking adequate measures to protect themselves against a cyber attack.
Too many private equity firms are vastly underestimating their vulnerability to cyber attacks. With their response slow and dissonant they are being viewed as prey by increasingly sophisticated criminals. As attacks have moved from major institutions...to central banks and regulatory bodies, it has become clear that cyber crime will inevitably touch every corner of the financial industry.