Insurance Coverage is Staying Ahead of Private Equity Electronic Information Exposures

Article

The success of a private equity firm is contingent upon its ability to manage, analyze, and evaluate significant amounts of sensitive information. For instance:

  • Financial statements and projections of current portfolio companies
  • Information regarding deals that your firm is considering or passed over
  • Employee personal information at your firm and portfolio companies
  • LP personal and financial information

Cyber Liability insurance has evolved and there are enough claims to spot trends. It is clear that most claims stem from data breaches on phones, thumb drives, laptops, data sites, tablets, and even printers - not hackers penetrating firewalls to steal saved information stored on state-of-the-art servers.

The operations of a private equity firm, and the electronic information exposures that stem from it, are unique and evolving. The most notable exposure that has underwriter's attention is the advancement and widespread use of inexpensive data site technology.

Cyber Liability policies require some customization in order to address all of the electronic information exposures germane to private equity firms.  Policies are inexpensive compared to the cost of coverages like General Partnership Liability.  Most Cyber policies cost $8,000 - $12,000 annually for a $1.0 million limit of liability.  

The following are some examples of the top four exposures that private equity firms face:

1. Deal documentation is breached which results in a seller pushing back from negotiations.

Sellers are very sensitive to unwanted information making it into the public domain.  A Cyber Liability policy would cover defense costs and third party damages associated with resulting litigation from this type of busted deal.  

The same coverage can be provided even if a third party vendor that you engaged to provide due diligence and / or consulting services incurs a data breach that impacts a pending transaction.  The insurer can extend coverage and subrogate back to the third party on your behalf to resolve the incident quickly.

2. Your firm hosts its own data site instead of utilizing an insured third party vendor.  

Managing your data site through a vendor like Dropbox, Box, Sharefile, etc. is convenient and inexpensive. These new providers can offer strong passwords and SSL encryption, which some consider to be a "sufficient" level of security because it makes unauthorized or unintended activity inconvenient enough.

Conversely, vendors like Merrill Datasite are ISO 27001 certified providers of virtual data room services. They can provide page-level auditing, encrypted minimum-footprint viewers, 2-factor authentication, encryption-at-rest, and dynamic watermarking.  

At its most basic, data room security is simply the inverse of convenience - the less convenient for activity to occur in an unauthorized or unintended manner, the more secure. Hosting your own datasite might be more convenient, but it does expose your firm to an additional level of responsibility and liability compared to using an insured third party that has been involved in tens of thousands of deals.

3. Data is breached on your personal electronic equipment.  

The Cyber Liability policy purchased for your firm can be triggered to protect your personal interests in the event that an employee is a victim of a cyber attack.  The likelihood that you could be targeted personally is higher due to the perception that everyone that works in private equity has a high net worth and the detailed information provided about your senior professionals on your corporate website.

The policy will extend the same coverage and services to all or certain employees including costs for legal defense, lost wages, and expense reimbursement to resolve a personal data breach.

4. Human error.  

The evolution of how work is performed and flows has added convenience and collaboration capabilities that allow employees to work smarter.  Multi-platform environments are now the norm: smart phones, thumb drives, laptops, bluetooth technology, tablets, and wireless printers all present opportunities to widen existing security gaps.

As a result, a realistic origin of a major data breach could be something as simple as leaving a smart phone in a taxi, a tablet in a seat back pocket in an airplane, or a laptop computer in a hotel room.  

Claim Examples

Follow this link in order to read some summaries of actual Cyber Liability claims.

Next Steps

If you would like more information on how Cyber Liability can protect your firm's interest, please contact your Equity Risk Partners representative, or Josh Warren at jwarren@equityrisk.com or (312) 980-7853.

Equity Risk Partners is the only global, full service insurance, risk management, and employee benefits brokerage focused exclusively on private equity firms, alternative asset managers, and their portfolio companies. Serving private equity firms since 1994, our professionals have had a meaningful impact on hundreds of deals.  

To learn more about Equity Risk Partners please visit our website at www.equityrisk.com.