After the data leak at Blackrock reported last week, it is time to examine and evaluate cyber risks in a Private Equity (PE) firm’s portfolio of investments. PE firms, even though has a different business and operating model as compared to companies that have been targeted to date by hackers should be mindful of their firm’s and the assets of the companies they invested in.
PE firms are accountable to their investors, majority of whom are institutional funds who invested in these firms. These institutional funds are now demonstrating greater concerns about cybersecurity affecting their investments.
In established markets, majority of PE firms started implementing a social media policy, governing what can and can’t be said in various forums including on social media. Hackers are known to prey on social media seeking targets for their phishing and spear phishing attacks.
Risks from cyber attacks can affect the PE firms in the following manner, amongst others:-
Details of Mergers and Acquisitions conducted by their investee companies are accessed and hackers can target and manipulate the share prices before and during the negotiation process prior to the conclusion of the M&A.
If any of their investee companies are attacked, it can cause untold financial damages on the investee companies. And in such a scenario, it is highly likely the value of their investment would be diluted substantially as investors would be exiting their investments on the fear that the fallout from the cyber attack could cause possible untold and unquantifiable financial losses to the company that could lead to its demise.
PE certainly do not want to invest in a company only to find out several months later that it contains a cyber risk that was not disclosed and their investment impaired or written off completely thereafter.
Demonstrating a high level of awareness of risks from a cyber attack on your firm and your portfolio of investment can goes a long way in instilling confidence in your fund by your institutional investors in the current climate where cybersecurity is ranked as a concern for most governments across the develop world.