Why Private Equity Firms Face Technology Risks

Nicholas J Price
Despite the volatility of the marketplace and the growing technology risks, private equity firms have enjoyed a long, profitable period. Private equity firms maintain strong reserves while continuing to raise capital. Moving forward, some financial experts are concerned that technology risks may be a game-changer in how private equity firms strategize in the future.

There is some concern that interest rates will increase in the coming year, which could drive up costs and reduce values. According to Moody's Investors Service, private equity firms have $1.14 trillion in liquid assets available for investing. How that number changes may be determined by how well they manage risks.

The Number One Technology Risk for Private Equity Firms: Cyberattacks

Without question, one of the biggest threats to businesses, and to society, in general, is cyberattacks. The sophistication of cybercriminals has increased to a point that they can destroy a private equity firm in a New York minute. Cyber risk is a global problem and it's growing. Countries on virtually every continent express rising concern about the severity of the issue. Of notable concern is urgency over threats from nation states and hostile states.

If threats aren't great enough from external sources, cyber risk is also increasing from internal sources. Employees can easily cause threats that stem from many reasons, including negligence, recklessness, disenchantment with their employer or being extorted.

Something that complicates cyberattacks even more is that the nature of threats is constantly changing. It's especially important for private equity firms to regularly refresh and review their cybersecurity processes.

Data Breaches Devalue a Company's Value

For private equity firms, the loss or gain of value is what ultimately determines their success. An unexpected data breach can drastically reduce a company's value. If an acquisition were on the horizon, it could seriously negatively impact the company's sales price, as it did when Verizon purchased Yahoo!. In considering how a cyberattack can decrease a company's value, it creates an even more important case for bolstering cybersecurity measures.

Private equity firms may manage hundreds of billions of dollars within a large range of asset classes. In addition, private equity firms store sensitive client data and communications. If a major private equity company fell victim to a cyberattack, it would certainly have a long-term impact on the firm's reputation and hinder their opportunities to increase their business.

As a survey by Coller Capital showed, about 55% of investors are requiring their general partners to undergo cybersecurity risk assessments for their management companies. About 45% of companies will require their partners at the portfolio level to take cybersecurity risk assessments. While cybersecurity risks top the list of risks for private equity firms, Forbes points out several other risks knocking at their doors, such as risks related to technology, third parties, fraud and misconduct, compliance and crisis management. Let's take a closer look at each one.

Technology Risk

Due to the nature of private equity firms, managing technology risks rises beyond basic information security. Technology is an asset to private equity firms, as they are an aid for increasing business value, identifying problems and supporting financial growth. Private equity firms must assess the risk exposures that may be present in the firm's portfolios as well as the firm itself. A risk that affects a portfolio company will also affect the private equity firm. Private equity firms have to address technology risk management practices as technology advances and evolves.

Third-Party Risk

Private equity firms regularly enlist the help of third parties to perform the services that they're not able to perform for themselves. While third parties may be well-intentioned, they pose risks that can negatively impact investments and damage a company's reputation. Regulators of financial services have made it clear that private equity firms bear the responsibility for risks they acquire as a result of third-party interventions or partnerships.

Fraud and Misconduct Risk

A risk that's not so new relates to fraud and misconduct. Outside actors can be at the head of fraudulent actions when a private equity firm is highly motivated to sell a portfolio company. For firms that have holdings in foreign markets, they risk doing business in countries where fraud, bribery, trickery and corruption are ingrained into the culture. If these issues surface, private equity firms rely on a longstanding history of transparency with their limited partners and regulators.

Compliance Risk

As with any corporation, the volatility of the marketplace causes private equity firms to face more oversight and regulation than in years past. Private equity firms now have to weigh their costs against their duty to ensure that their infrastructure stands up to compliance expectations.

Crisis Management Risk

A data breach, cyberattack, or allegations of fraud, misconduct or bribery can diminish the value of a private equity firm in no time. Private equity firms must be able to respond quickly in times of crisis in order to protect their reputations and to move forward. It takes substantially longer to rebuild a company's reputation than to destroy it. Bad news travels far and fast across the internet. Private equity firms need to ensure that they have a crisis management team and a crisis management plan that are ready to deploy at any time.

It's just as essential for private equity firms to manage risk as any other company, perhaps even more so. It's costly and time-consuming for private equity firms to assess their vulnerabilities related to cybercrime, but it's necessary because the potential for such an incident is extremely high. Making an investment in time and programs to protect their firms will ultimately save the company in finances and reputation in the long run.

At the same time, as private equity companies outsource their own cyber risk services, it presents some new opportunities. Cyber risk management companies are a valued commodity given the frequency and degree of risk that companies are facing. This development presents a viable opportunity for private equity firms to invest in cybersecurity firms.

It's more important than ever before for boards of private equity firms to invest in modern board governance solutions. Diligent Corporation offers a highly secure board portal and a fully integrated suite of board management solutions called Governance Cloud, which provides a comprehensive solution to protect against the risks that are inherent with technology.
Related Insights
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.