Return to search

Lack of talent and leadership impeding cybersecurity improvements

A survey of 100 firms by fund administrator Augentius found that more than 50% are less than satisfied with their cybersecurity arrangements.

A dearth of technology, internal talent and leadership is preventing private equity firms from acting on cybersecurity concerns, according to a study by fund administrator Augentius.

In a survey of 100 private equity firms from around the world, Augentius found that more than half were less than satisfied with their current level of cybersecurity, but that the lack of talent alongside the difficulty of replacing legacy IT systems is standing in the way of technology improvements. Fifty-five percent of firms said investment in technology was a high priority over the next year.

“This internal lack of technology leadership and skill is understandably a problem for many smaller firms, given the prohibitive cost of building up in-house expertise from scratch,” Ian Kelly, the group chief executive officer of Augentius said. But he added “the old stereotype of the industry lagging behind when it comes to seeing the importance of technology is now firmly outdated. The results underline how attitudes have shifted.”

More than half of the firms surveyed said they would be investing in cybersecurity alongside data management and cloud upgrades.

There are positive signs that regulator warnings about the rising threat of cybercrime are getting through to the industry and having the desired effect on investment in this area,” according to Kelly. “However, with half of the industry less than satisfied with their arrangements there is clearly still some road left to travel – regulators have been clear that there isn’t any room for half-measures on this front.”

In Europe, AIFMD and more recently GDPR have served to focus firms more fully on their data and security arrangements, and the survey bore this out, with European firms more likely to see technology improvements as a high priority compared with their US counterparts. Regulators have consistently said firms cannot outsource responsibility on data protection, and US firms have been told by experts that they need to up their game on GDPR.