Cybersecurity services are always getting M&A attention as hackers and spyware develop, and so too do the cybersecurity services themselves. It is a revolving door of hackers advancing and as a result more required investment in cybersecurity services. Now Alliant Insurance Services is jumping into the cybersecurity insurance game.
Alliant’s cybersecurity business came out of stealth mode last month, says Chad Neale, senior vice president, who joined the firm July. “We’re building out a cybersecurity consulting and advisory business.”
Alliant is an insurance broker to the middle market. In the last few years, Neale says, acquirers grew more aware that cybersecurity is a risk buyers inherit as part of an acquisition.
NFP, another insurance broker, is following the same trend, says Brian Flanagan, practice leader in the firm’s private equity group.
“Cyber insurance is a smoking hot issue,” Flanagan says. Buyers have regretted acquiring companies without cybersecurity protection. It can take months to detect a hacking, and cyber insurance protects acquirers for events that happened in the past, he says. “Cyber covers all historical acts.”
Alliant’s Neale explains that middle-market portfolio companies have become hot targets for hackers, particularly vulnerable to ransomware. He pointed to the SolarWinds breach three years ago as an example of the havoc that occurs during a security breach.
In 2020, foreign agents hacked SolarWinds networking monitoring software, allowing the agents to spy on its customers. SolarWinds was in part owned by Thoma Bravo and Silver Lake Partners.
Before SolarWinds, portfolio companies of private equity firms announced that they’d received venture capital, “and hackers found it easy to fake being the PE firm and ask for money,” Neale says. Some PE firms took a hands-off approach toward the operations of portfolio companies back then and “didn’t want to mandate management to do certain things.”
Limited partners have begun to take the initiative, Neale says, and have begun asking PE firms what their plans to protect their investments from cyberattacks are. “LPs began sending more inquisitive questionnaires to management.”
Early this year, the Securities and Exchange Commission voted to amend cybersecurity rules for funds and registered advisors, and that also has contributed to the interest in cybersecurity insurance, says Neale.
Cyber insurance was once an area of flat growth, adds Neale. But the SolarWinds breach “scared” acquirers and insurance providers alike, since the breach spanned many industries and locations. “Payout scares insurance companies, and they realized they weren’t charging enough,” Neale says.