Private equity firms are currently grappling with soaring insurance premiums, particularly in cyber security.
If your firm is experiencing a widespread increase in cyber security insurance premiums across its portfolio companies, you are not alone. At the same time, there is a growing trend of limited coverage being offered in exchange for the increased premiums – and portfolio companies face a new wave of cyber security process requirements.
The widespread increase in insurance premiums
Recent figures from the Council of Insurance Agents and Brokers show that cyber insurance premiums are rising fast across the board. In just one quarter, these premiums rose by a staggering 28%, underscoring the tremendous pressure faced in this domain. When it comes to portfolio companies the specific cybersecurity requirements can vary in complexity. While some companies may have encountered incidents such as ransomware, others might have been fortunate enough to avoid any cybersecurity breaches altogether. Nevertheless, regardless of past incidents or claims, the prevailing trend is that insurance premiums are escalating, presenting several challenges for private equity firms as we enter Q3.
Coverage is diminishing
A secondary insurance concern right now - and one that private equity firms need to be aware of - is the way that cyber security coverage is being reduced at the same time as premiums soar. It is now more crucial than ever to scrutinise the fine print and identify instances where coverage is shrinking across different policies. Ransomware is one area that has been widely affected, with most insurers offering significantly reduced payouts in the event of an attack. Regrettably, companies relying on these policies often discover this limitation when it is already too late to address the matter.
Why is cyber insurance so important?
Private equity portfolio companies are becoming a significant target for cybercriminals that are keen to exploit even the smallest weaknesses in systems or software. Part of the investment decisions process is going to be looking at where resources can be allocated now to try to reduce the cyber security risk - and also to help bring those costly premiums down.
Building a cyber-resilient portfolio
The approach that too many companies take is to focus on the point at which insurance is required, rather than the steps that can be taken to mitigate cyber risks in the first place. A repeatable and pragmatic approach to cyber drives value creation throughout the lifespan of an investment. It’s vital to shift the focus to what needs to happen to stop an attack from being successful in the first place, as opposed to being reactive to a disastrous cybersecurity breach.
While insurance premiums may be skyrocketing, firms that prioritise a cyber-resilient portfolio have the potential to generate greater value creation while mitigating any loss of value upon exit.