Cyber Insurance for Private Equity
By: Kyle Frigon, Director, Cherry Bekaert Benefits Consulting and Michael Aronson, Risk Management Consulting, Chernoff Diamond
As a private equity firm, you are well aware of the importance of insurance. While some insurance policies may include cyber indemnification, you may want to take a closer look at what your policy actually covers. Incomplete policies may leave you exposed in the wake of a cyberbreach. Cyber insurance can cover cyberattacks from outside your firm, and it can also cover cyber and data breaches caused by employees within your firm, whether through human error or intent. While cyber insurance is not required by law, companies are often required to have it in order to gain contracts, attract investors, or become partners.
Insurance Policies: What to Look For
There are many types of cyber insurance policies. The risks presented by a cyberbreach are constantly changing, so policies are frequently amended. When searching for policies, consider a separate cyber policy, not an extension. A separate policy will ensure you are getting the best and most comprehensive coverage. Be sure to carefully review each policy available to guarantee you are receiving full and up-to-date coverage that best suits your firm’s needs. If right for your firm, make sure the policy covers both first-party claims (the insured) and third-party claims (individuals or organizations filing a claim against your firm). In most cases, it is the first-party coverage that is affected, and it is much more meaningful.
Cyber Insurance and Private Equity
When your private equity firm is acquiring or divesting portfolio companies, ensuring there are minimal cyber risks is a critical step. During the due diligence process, cyber insurance can mitigate the risk of something happening before or after selling or purchasing. When purchasing, ask that the previous company’s cyber insurance policy be extended, so that if a breach that began before you acquired the company becomes public, the past insurance company will cover the damage.
Aside from regular cyber exposures, private equity firms face extra risk, especially during the due diligence phase, when confidential information is transferred back and forth in data rooms. Data from service providers, employee data, financial data and other sensitive data is shared with many parties and can be at additional risk if it is not properly protected.
Best practices recognize the rapidly changing cyber environment, and re-evaluating cyber policies every 18 months ensures that coverages align with current risk factors. An unexpected cyber claim may completely change your future calculations and be catastrophic to your business. Having the best cyber insurance is not only practical, but oftentimes necessary for peace of mind and to ensure long-standing and sustainable business success.