Private equity firms are increasingly aware of the importance of cybersecurity, as the issue moves to center stage in society at large.
However, a cybersecurity survey by pfm and EisnerAmper, published in February, found that fewer than half of CFOs and operational executives felt well-prepared to handle a cyber-attack. They were least confident about denial-of-service attacks, where the cyber-criminal tries to make a network unavailable by flooding it with superfluous requests. Motives include extortion and outrage at corporate practices.
This is no mere theoretical problem for private equity firms: the following month Blackstone revealed in its annual report that it had been subjected to “attempts intended to obtain unauthorized access to our proprietary information, destroy data or disable, degrade or sabotage our systems, including through the introduction of computer viruses.”
The firm said investors couldn’t be assured that measures it took to ensure the integrity of systems would provide protection, “especially because cyber-attack techniques used change frequently or are not recognized until successful.”
The Securities and Exchange Commission is also taking a closer look at cybersecurity during its examinations of private equity firms, consultants said in October at the 2018 Private Fund Finance & Compliance Forum in San Francisco. In response to this, firms were increasingly prone to staging their own mock exams.
One consultant said that the agency had been pushing this focus over the past six to 12 months in the light of incidents that included phishing – attempting to find out sensitive information through an electronic communication by purporting to be someone legitimate – and fraudulent wire transfers.
“A lot of times when we’re brought in to do user awareness training, guess who’s not there?” one speaker asked. “The CFO, the CEO, the GCs. In reality, they’re the ones being targeted the most and have the most influence.”