When you think of cyber security in your portfolio companies (PortCo), what’s the first thing that comes to mind?
Are you still struggling with increasing cyber insurance premiums across your portfolio companies?
Do you find that the coverage has become even more limited while placing even more cyber security process requirements on your portfolio companies?
Most private equity firms are seeing increasing cyber insurance premiums across their portfolio in 2023
When it comes to cyber, no two portfolio companies are the same, perhaps one of your PortCo’s has had a ransomware issue in the last 18 months so you’ve experience this rise first-hand, perhaps another PortCos incident free but premiums are still rising!
Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021 according to the Council of Insurance Agents & Brokers (CIAB).
Along with increasing premiums insurers are offering more limited cyber coverage, particularly when it comes to paying out in the event of a Ransomware attack, some firms don’t find this out until it’s too late.
Cybercriminals will look to exploit inherent weaknesses anywhere they can in your PortCos technology systems, private equity PortCo are a significant target.
Work to reduce these premiums can be challenging, sometimes even more costly than the insurance itself.
Some portfolio companies will be using some form outside in cyber analysis as part of Due Diligence or 100-day planning however these tools and processes are designed to be non-intrusive, not wasting peoples time in-deal.
However, if you are investing for 3-5 years then you need more detail to help enhance the value of that deal, and as result private equity firms are increasingly asking the question, where do I invest now to reduce my cyber risk and as a result cyber insurance premium.
An alternative to focusing on reducing premiums is to focus on remediating the risk of any potential cyber-attack.
Developing a repeatable and pragmatic approach to cyber that will drive value creation throughout the lifecycle of an investment you can elevate the conversation to what do we need to prevent an attack, rather than how much will we get back from our insurance pay out if we are attacked?
Too often we see cyber projects looking at “bleeding edge” solutions when what’s really needed is good cyber hygiene and “being brilliant at the basics”. Taking a focused and pragmatic approach to cyber across the portfolio can give confidence that any investment is in an area that will make the biggest difference and so drive commercial value , that will reduce your cyber risk.
With the right level investment and focus, cyber maturity has the potential to be a key value creation driver in 2023, helping you build cyber resilient portfolio that reduce the potential value that can be chipped off at exit.
For more information on how we can support your cyber strategy please get in contact.