QBE North America Whitepaper Unveils Cyber Risks Facing Private Equity Firms and Portfolio Companies

NEW YORK – April 23, 2025 — QBE North America today announced the release of a new whitepaper, “Private Equity Firms Enhancing Cyber Resilience of Portfolio Companies,” which explores the cybersecurity risks facing private equity firms and their portfolio companies. The whitepaper provides insights into how private equity firms are assessing the cybersecurity capabilities of their portfolio companies and the steps they are taking to enhance the cyber resilience of their digital ecosystems.

“Cyber incidents introduce operational, financial and reputational risks that can lead to significant impacts for private equity firms and their investment portfolios,” said Dominic Keller, Global Head of Cyber Services, QBE Insurance. “Private equity firms face the challenge of managing cyber risks across their own operations alongside effectively maintaining the security posture of their portfolio companies. As cyber incidents grow more sophisticated and frequent, private equity firms must prioritize cybersecurity assessments throughout the investment cycle and actively manage evolving cyber risks to achieve their investment and financial goals.”

The whitepaper is based on a survey of 300 risk managers and Chief Information Security Officers (or equivalent roles) at private equity firms with $1 billion to $50 billion in assets under management. Key findings include:

• Cyber due diligence is key. Before making an investment, private equity firms are performing due diligence to evaluate the cybersecurity capabilities of target companies. This includes conducting regulatory compliance assessments (49%) and assessing third-party and supply chain cybersecurity (46%).
• Portfolio companies are facing cyber threats. In the past 12 months, more than half of respondents (54%) said that up to 25% of their firm’s portfolio companies experienced a cyber incident or attack. Nearly a quarter (23%) reported that 26% to 50% of portfolio companies experienced a similar event. Among portfolio companies who have experienced a cyberattack, 46% of respondents indicated that 26% to 50% of those companies reported an incident that involved a ransomware or extortion attempts.
• Cyber incidents are prompting improvements. Private equity firms are actively supporting their portfolio companies in enhancing their cybersecurity. For example, 43% of respondents indicated that between 51% to 75% of their portfolio companies have made cyber improvements such as enhancing technical protections and policies. Notably, 48% said their firms provide cybersecurity awareness training, and 46% offer assistance with third-party/vendor cybersecurity management.
• Cyber insurance adoption remains limited. Prior to making an investment, 60% of respondents indicated that fewer than half of target companies had cyber insurance coverage. Among private equity firms, 53% of respondents report having a cyber insurance policy, and among those firms that do, 60% plan to increase coverage limits in the next 12 months.

To safeguard their investments and operations, private equity firms should take steps to help their portfolio companies mitigate cybersecurity risks. These measures may include conducting regular risk assessments, testing incident response plans, implementing security monitoring tools, and providing cybersecurity training for employees.

Survey Methodology
The survey was conducted by Wakefield Research among 300 risk managers and CISOs/IT/CISO-equivalent roles at private equity firms with $1B to $50B in assets under management, between December 13, 2024 and January 9, 2025, using an email invitation and an online survey.

About QBE North America
QBE North America is a global insurance leader helping customers solve unique risks, so they can stay focused on their future. Part of QBE Insurance Group Limited, QBE North America reported Gross Written Premiums in 2024 of $7.3 billion. QBE Insurance Group’s results can be found at qbe.com. Headquartered in Sydney, Australia, QBE operates out of 26 countries around the globe, with a presence in every key insurance market. The North America division, headquartered in New York, conducts business primarily through its insurance company subsidiaries. The actual terms and conditions of any insurance coverage are subject to the language of the policies as issued. Additional information can be found at qbe.com/us or follow QBE North America on LinkedIn, Facebook and Instagram.

Media Contact:
Lou Casale
Media Relations
[email protected]