Are Private Equity firms taking the risk of cyber-crime seriously?

For the last couple of years not a day has gone by without the world’s news portals being awash with stories of government – including NASA and the Pentagon, as well as large multi-national corporations such as HSBC, Target, Talk Talk, and Sony being hacked losing literally millions of peoples’ personal data and financial information.

Cyber hacking is clearly a modern day epidemic of worldwide proportions. The extent of the problem can even be measured against the EU’s decision to change the data protection laws, which are formally adopted by the European Parliament and Council at the beginning of this year. The changes are designed to ensure that companies report serious data breaches within 72 hours, or alternatively suffer fines that in some cases amount to 2% of turnover.

The US Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE), the Financial Industry Regulatory Authority (FINRA), and the UK’s Financial Conduct Authority (FCA) all place cyber security high on their list of priorities. In 2015, FINRA formally added cyber security to its audit process.

But has all this news and changes in laws and protocols really been enough to shake businesses out of their slumber? Apparently not. A recently released report titled ‘Cyber Security in Private Equity: How Prepared is the Industry?’ found that most of the one hundred international private equity businesses surveyed are poorly defended against the tools of the modern day cyber hacker, therefore displaying a ‘simple lack of focus on cyber security’.

Many, if not all, small to medium-sized financial institutions genuinely believe they are too small to draw the attention of cyber criminals, and have allocated very little budget towards handling any cyber threat. Yet, more than 53% of private equity firms have already been victims of cyber-attacks.

Private equity firms and their portfolio companies, regardless of size or sector, will have to confront the growing cyber threats across their operations. How much of a consolation would it be if your firm achieves stellar performance and reputation only to lose it all due to weak internal cyber security defences?

Stuart Poole-Robb, CEO of KCS Group, says: “there are still far too many companies, regardless of size and type of industry, that do not regularly test their IT defences via third party penetration testers, and they continue to allow staff to use personal devices on their desktops.” He adds: “given we already know that 80% of cyber security breaches can be traced to staff, and this figure is increasing, it is high time that companies realise that they are often blissfully unaware that their data is copied or stolen, often by their own employees!”

 

Source: KCS Group

Read more articles by and about KCS: https://www.kcsgroup.com/2015/