Firms large and small showing substantive gaps in cyber-protection
CAMBRIDGE, ON–(Marketwired – January 28, 2016) – eSentire Inc., a proven industry leader in managed cybersecurity services, in conjunction with research firm Private Equity International (PEI), today released a research report titled ‘Cybersecurity in Private Equity: How Prepared is the Industry?’.
The report finds the majority of private equity firms have huge gaps in their defenses and are gravely unprepared to fend off today’s sophisticated cyber threats.
PEI surveyed close to 100 international private equity firms to conduct its research, and found the biggest gaps surround a simple lack of focus on cybersecurity with the absence of dedicated programs, protocols and expertise. In short, it appears the industry simply believes ‘it won’t happen to them’.
While more than 70 percent of respondents believe cybersecurity is a high risk to their business operations, only 23 percent claim to have a fully operational and compliant cybersecurity program.
While programs and protocols to address cybersecurity are scarce (48 percent of employee are permitted to use personal devices and yet 56 percent of respondents admit they do not have a security policy for outside devices), more than half (53 percent) of respondents admit to already being a victim to some form of cyber attack.
More than 50 percent of respondents are of the opinion that regulatory compliance is of the highest importance to their businesses’ cybersecurity management and yet if audited thoroughly today, more than 50 percent would likely fall into the category of non-compliance.
Too small to fail?
“Many small and mid-sized financial firms wrongly consider themselves too small to be of interest to cyber criminals and choose to ignore the threat, leaving them open to attack.
Private equity firms are particularly vulnerable as most operate with small cybersecurity budgets and limited IT staff,” said Eldon Sprickerhoff, eSentire Founder and Chief Security Strategist. “It is not surprising, given our own research findings, that the whole financial industry is coming under increased pressure from governing authorities to entrench cybersecurity into their business practices.”
“Private equity firms, regardless of size or sector, face growing cyber threats across their operations and within their portfolio companies,” said Dan Gunner, Director, Research & Analytics PEI. “This report makes clear that the industry is a long way from consistent application of understood best practice and that too few firms are equipped to tackle these threats effectively. No matter how much firms achieve through their deal-making capabilities, cyber weaknesses in the back office have the capacity to undermine even the most stellar reputations and undo years of hard-earned success.”
Among them the US Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE), the Financial Industry Regulatory Authority (FINRA) and the UK’s Financial Conduct Authority (FCA) — have cybersecurity high on their list of priorities. For example, in 2015 FINRA formally added cybersecurity to its audit process.
Regulated industries will continue to feel the pressure until all firms implement a comprehensive cybersecurity program to provide assurances to both regulatory agencies and their clientele that their high value data is protected.
As a leading cybersecurity advisor in the financial industry, eSentire is aligned with the regulatory associations driving change and remains committed to delivering essential programs to help firms in the sector stay ahead of governance requirements.
eSentire pioneered Continuous Advanced Threat Protection, which leading analyst firm Gartner Research began covering in June of this year as a best practices framework for defending against the most egregious cyber security attacks. eSentire’s solution delivers continuous monitoring, real-time threat detection and containment technology as a service with human threat analysts on a 24x7x365 basis. eSentire challenges legacy security approaches, combining behavior-based analytics, immediate mitigation and advanced threat intelligence.
To view the full report: Cybersecurity in Private Equity: How Prepared is the Industry?
About eSentire Inc.
Sentire® is a proven industry leader, keeping mid-size organizations safe from constantly evolving cyber attacks that traditional security defenses simply can’t detect. eSentire combines people, process and technology to deliver an unmatched, premium level service that detects, remediates and communicates sophisticated cyber threats in real-time, 24/7. Protecting more than $2.5 trillion in Assets under Management (AuM), eSentire is the award-winning choice for security decision-makers in mid-size enterprise. eSentire has received multiple accolades for exceptional service, which includes HFM (Hedge Fund Manager) Service Provider awards (2013, 2014, 2015). In 2015 eSentire was named to Deloitte’s Technology Fast 50™ and Fast 500™ and included in the list of “Cool Vendors” in the Cool Vendors in Cloud Security Services, 2015 report by Gartner, Inc. For more information visit www.esentire.com and follow @esentire.
About Private Equity International (PEI)
pfm is published by PEI, the leading financial information group focused exclusively on alternative asset finance and investment. PEI specializes in covering the private equity, private debt, real estate and infrastructure industries globally and are increasingly active in other, emerging alternative investment fields and practices too. The company has over 120 staff based in three offices — London, New York and Hong Kong.