QBE North America recently released a new whitepaper “Private Equity Firms Enhancing Cyber Resilience of Portfolio Companies,” which explores the cybersecurity risks facing private equity firms and their portfolio companies. The whitepaper provides insights into how private equity firms are assessing the cybersecurity capabilities of portfolio companies and the steps they are taking to enhance the cyber resilience of their digital ecosystems.
In this edition of IBTV, Dominic Keller, global head of cyber services, QBE, explains some of the whitepaper's key findings.
Paul Lucas 00:00:00
Hello everyone, and welcome to Insurance Business TV and a special look at Cyber Risks in private equity with the help of QBE North America. Now QBE North America has recently released a new white paper, “Private Equity Firms Enhancing Cyber Resilience of Portfolio Companies,” which, as the title suggests, explores the cybersecurity risks facing private equity firms and their portfolio companies. The white paper provides insights into how private equity firms are assessing the cybersecurity capabilities of portfolio companies and the steps they are taking to enhance the cyber resilience of their digital ecosystems. Now we welcome Dominic Keller, Global Head of Cyber Services, QBE, to find out more. Dominic, welcome to Insurance Business TV.
Dominic Keller 00:00:46
Thank you, Paul, great to be here.
Paul Lucas 00:00:46
So, Dominic, can you tell us a little bit more about the challenges private equity firms face, particularly when it comes to cybersecurity?
Dominic Keller 00:00:55
Private equity firms certainly face a number of diverse and complex challenges when it comes to cybersecurity. The management of sensitive commercial and financial data makes them very attractive targets for cyber criminals. I think also as private equity firms are trying to manage a diverse and evolving portfolio, there are significant differing risks across that portfolio that can lead to significant challenges. Obviously, private equity firms want to maintain valuations across their portfolio, protect their reputations and ultimately achieve their investment goals. I think cybersecurity managers, management takes a significant part of that approach and needs to be a fundamental part of how private equity firms are managing those goals.
Paul Lucas 00:01:46
Absolutely, that's always key for any private equity firm. But just talk to us a little bit more about the survey, were there any key findings there?
Dominic Keller 00:01:55
Absolutely, yeah. So there were, I think one of the key outcomes is that private equity firms are becoming more and more aware of cyber threats, and frankly, that's reassuring to see that as such a core business challenge, private equity firms are aware of it, and they are, the survey outcomes show, that pre investment they are conducting cyber due diligence on their target companies, carrying out assessments and looking at key cybersecurity risks and vulnerabilities. I should also add that the cyber due diligence goes beyond simply that technical assessment. It's going into third party management, employee training and various things. I think another survey outcome is that they're clearly offering support to portfolio companies, and that is a key way in which a private equity firm can ensure that their investment is as strong as possible. On cybersecurity grounds, there's evidence in the survey highlighting that they are assisting portfolio companies with incident response planning, third party cybersecurity management, employee awareness training. So a number of areas more broad than simply the systems, the infrastructure that they're using, they really are we see private equity firms are engaging in that support, and it is leading to improvement amongst portfolio companies.
Paul Lucas 00:03:19
Talk to us a little bit about the role of cyber insurance here. Are private equity firms and their portfolio companies leveraging that insurance?
Dominic Keller 00:03:28
It's an excellent question, and I think the survey brings some very interesting insights from the responses that we saw. Firstly, one out of two, roughly, private equity firms do have cyber insurance. So that indicates that private equity firms are aware of cyber insurance. That said, as private equity firms are evaluating target companies, we're seeing that cyber insurance across portfolio companies is a little more limited. There's certainly an opportunity for more education on the value of cyber insurance to both private equity and portfolio companies. I think that there's awareness that cyber insurance provides financial risk transfer, but I think there's more insights that could be gained from the risk services that are added as part of a cyber insurance policy. The value additions of having a clear cyber insurance strategy across a portfolio as a private equity firm is managing their investments, often across different industries and segments, ensuring that cyber insurance is seen as one of the core methods in which they can enhance the cyber security of their portfolio companies. Ensure that there is financial risk transfer if there is an incident or a financial loss, and thirdly, enhancing their overall strategy across the portfolio to maximize investment returns. Cyber insurance, I think, plays an important part in that. So the survey highlights, I think, that cyber insurance is a known part of the equation now, but there's more education to be had, and I think more improvements and perhaps more value could be still provided to private equity companies and their portfolio companies.
Paul Lucas 00:05:19
Let's get a few recommendations from you as well, if we can. Do you have any for private equity firms, particularly, of course, when it comes to either cyber risk management or indeed cyber insurance itself?
Dominic Keller 00:05:31
Yes, and this could easily be a one-hour question in itself. I think that it is a very, very fast-changing landscape. At the moment in cyber security, we're seeing threat actors enhancing their capabilities significantly. AI is certainly becoming part of an equation on the offensive and the defensive side. So I think it's fundamentally important that private equity firms focus on cyber security, understand what the core risks are, and develop an overarching strategy. At a high level, I think the three recommendations, I would say, are as a private equity firm and delivering cybersecurity across the portfolio companies, it's very important to have a strategy as to how that is implemented, and that needs to cross over from technical support to governance support to a number of different areas. Ultimately, this is to achieve the private equity objective, which is to enhance the valuation and ensure that their portfolio companies are managed as effectively as possible. So building a strategy at a leadership level and ensuring that it is consistently applied across the portfolio is critically important. I think the second area is looking at how you manage some of the technical challenges that are very fast-changing. Do you make sure that portfolio companies are all managing the same, you know, using the same technical providers? There are economies of scale that can be leveraged if you are engaging in those. Are you allowing the portfolio companies to use their own IT teams, use their own technical systems? Again, there's not necessarily a right or wrong approach to all of this. The private equity industry is remarkably diverse across the different companies that they're overseeing, but it is important to make sure that there's not a gap.
As we're looking at an overarching strategy, and as you're supporting companies where we're seeing more and more complexity come in at end points across their technical environment, it's important to understand what the portfolio companies can expect from their private equity firms and vice versa. I think the third thing is making sure that the leaders of the portfolio companies and the private equity companies are engaged and both very strongly aware of how cybersecurity is managed and what the expectations are across the portfolio and private equity company. I think one of the areas of risk is if you have leaders in a portfolio company who have differing expectations over management to the private equity company. Enhancing and making sure that there's consistency across that and ongoing discussions are crucially important to ensure that your financial objectives and cybersecurity objectives can be met.
Paul Lucas 00:08:22
Well, speaking of supporting companies, Dominic, if anyone wants to find out more about the white paper, where can they find it?
Dominic Keller 00:08:30
Absolutely, qbe.com is the best place to find it, and there's certainly a lot of information there on cyber and private equity papers, etc.
Paul Lucas 00:08:40
Well, I'm sure there will be plenty of people headed there now, but do remember to come back here when you've finished for more expert insights right here at Insurance Business TV.