Cyberattacks Hit Nearly Half of Portfolio Companies
Almost half of private equity (PE) portfolio companies reported cyber incidents in the past year, many involving ransomware or extortion attempts. PE cybersecurity and cyber insurance are the focus of the Private Equity Cyber Survey White Paper by QBE, which surveyed 300 risk managers and CISOs at firms with $1 billion to $50 billion under management.
The report reveals a sector under siege but also adapting. Private equity firms are tightening cybersecurity controls across their investments while cautiously exploring cyber insurance to manage escalating risks.
Cyber Due Diligence Becomes a Dealbreaker
Cyber due diligence is now a standard part of private equity deal-making. Firms want to understand risks before investing. Nearly half of respondents conduct regulatory compliance assessments. Others examine supply-chain security and workforce training.
These assessments help firms measure potential costs to strengthen defenses. They also highlight vulnerabilities that could threaten deal value. The findings show a shift: cybersecurity is now central to evaluating targets.
Ransomware Looms Large in Threat Landscape
Survey respondents ranked the biggest threats to their firms and portfolios. Software vulnerabilities lead at 42%. Cloud-security gaps follow at 40%. Data breaches rank third at 35%. Business email compromise and ransomware both appear at 32%.
Over half of respondents said up to a quarter of portfolio companies suffered incidents in the past year. Nearly a quarter reported that between 26% and 50% of their portfolio companies experienced attacks. Among these, ransomware attempts made up nearly half.
Portfolio Companies Strengthen Defenses
Private equity firms are driving change across their portfolios. Almost all require baseline protections like endpoint security, privileged access controls, and multi-factor authentication. Governance standards are also demanded. Ninety-six percent require incident response planning and data classification.
The effort is working. Forty-three percent of respondents said that most of their portfolio companies made cyber improvements in the past year. Nearly one-quarter said at least half of their companies upgraded protections and policies.
Private Equity Firms Step In With Support
Private equity firms are not leaving their companies alone. Forty-eight percent provide cybersecurity training. Almost half support vendor risk management, while others help fund technical upgrades and strengthen incident response planning.
Ongoing reviews are common. Firms check cyber readiness monthly, quarterly, or semi-annually. This cycle reinforces accountability and pushes companies to stay vigilant.
Cyber Insurance Adoption Falls Behind
Despite progress on defenses, PE cyber insurance adoption lags. Before investment, 60% of firms said fewer than half of target companies had cyber insurance.
Among private equity firms, only 53% have coverage. Still, momentum is building; sixty percent plan to raise their coverage limits within the next 12 months. Many are shifting from endorsements to standalone policies.
Cyber insurers are offering added value. Over three-quarters of respondents used services like vulnerability scanning, response planning, and risk assessments. These services add technical expertise to complement coverage.
Coverage Expands as Firms Reassess Risk
Cyber insurance protects against both liability and direct losses. Liability coverage includes regulatory fines and third-party claims. First-party benefits cover incident response, forensics, public relations, and ransom payments. Policies also fund customer notifications, monitoring, and data restoration.
Still, exclusions vary widely. Careful review remains critical before purchase.
Building Cyber Resilience Across Every Stage
Cyber risks follow private equity firms from pre-deal negotiations through exit. Strengthening cybersecurity and adopting insurance both safeguard value across that journey.
The white paper stresses the need for standardized frameworks, frequent assessments, tested response plans, continuous monitoring, and employee training. Firms should also review third-party practices and deepen partnerships with insurers.
The message is clear: cybersecurity is no longer optional. Investors, regulators, and customers expect strong protections.