In the first of a three-part series, I explored cyber due diligence best practices for private equity firms. In this Part II, Dan Frusciano, Liberty Mutual’s North America head of cyber underwriting, and I will examine the role PE boards play in cyber security and how they can amp up their expertise to meet the growing demands and complexities of cyber security.
As I wrote previously, cyber risk is multi-dimensional for PE firms in that they face cyber security issues for their portfolio companies as well as for the firm itself. While in the past firms might have relied on the boards of their investment companies to evaluate cyber risk, the approach and thinking is rightfully changing. It is now increasingly recognized that PE boards should be armed with the expertise to drive a firm’s overall cyber security approach so that risk is looked at consistently and holistically. If not, should a breach occur, a private equity board may face scrutiny for being negligent if they have not recommended or pushed cyber security.
The Dodd-Frank Act, which requires that there be a finance expert on public company boards, forever changed the makeup of board composition. Dan and I agree that in the next 10 years we likely will see something similar play out for cyber security. We anticipate it will become a requirement of public companies – and that private companies will follow suit – to have a cyber security expert on their board, or else face fines from the SEC or other regulatory institutions. The lack of one will indicate, whether true or not, that the right level of oversight was lacking over cyber security should an incident occur.
In fact, we are currently seeing the breadcrumbs of formal board-level cyber security oversight beginning with the following disclosure law that was signed into law in 2022. This legislation requires companies to report “any covered cyber incidents within 72 hours from the time the entity reasonably believes the incident occurred.”
There are four concrete actions private equity boards can take now to amp up their cyber expertise:
Cyber is a peril that touches all companies, from the small corner bakery to a mega Fortune 500 business, making cyber risk a must-address issue for boards. Cyber knowledge gaps can be addressed and strategic steps taken so that a board can confidently influence a firm’s approach to cyber to help protect investments and build the business.
Liberty Mutual’s dedicated underwriters, close partnerships with our clients and brokers, and expert mitigation and claim resources help us deliver cyber liability solutions appropriate to the individual needs of companies across geographies and industries. And learn more here about how we help private equity firms manage their unique risk needs.
Our commercial and specialty insurance products and services are distributed through brokers and agents. If you are interested in our solutions for your business, please contact your agent or broker. If you are an agent or broker, please reach out to our team for more information.
Boston, MA
New York, NY
This website is general in nature, and is provided as a courtesy to you. Information is accurate to the best of Liberty Mutual’s knowledge, but companies and individuals should not rely on it to prevent and mitigate all risks as an explanation of coverage or benefits under an insurance policy. Consult your professional advisor regarding your particular facts and circumstance. By citing external authorities or linking to other websites, Liberty Mutual is not endorsing them.
