In 2023, the global cost of cybercrime is expected to reach $10.5 trillion, and venture capital-backed companies are a prime target. That’s according to a cyber risk assessment of thousands of portfolio companies
A cyber security risk assessment of thousands of venture capital portfolio companies found that 65% (3,565) are exhibiting ‘high’ rated risk signals, and 8.6% (470) exhibiting ‘critical’ risk signals. The cybersecurity software firm that carried out the tests has since named the VC funds whose portfolio companies could be affected (see list below).
Of the 5,482 venture capital portfolios examined, every single one of these companies had cybersecurity issues that could leave them exposed, says DynaRisk, the software company that conducted the assessment.
The report findings reveal that every VC fund has a number of companies in its portfolio that are “highly susceptible to cyber-attacks.”
Examples of risk signals can include data breaches, the use of outdated and vulnerable software, and indications of hacker chatter on the dark web. These issues are well-known drivers of hacking activity, says the software firm.
One particularly notable case from DynaRisk’s research involved a fintech portfolio company. In November 2020, DynaRisk observed a critical vulnerability in the company’s system. Subsequently, in February 2021, the company announced a £5.5 million fundraise led by a UK VC fund, and in May 2021, the portfolio company fell victim to a ransom attack.
“Had this fund been monitoring the company for cyber risks during the due diligence stage or after joining the company’s board, the hack could have been prevented, and the risks to the business greatly reduced,” says Andrew Martin, CEO of DynaRisk.
The fund had a total of 139 days to identify the issue and help the portfolio company fix it.
Are VC-backed portfolios at more risk for cyber-attacks in 2023?
In 2023, the global cost of cybercrime is expected to reach $10.5 trillion, and venture capital-backed companies are a prime target.
There are a number of factors that make venture capital-backed portfolios more vulnerable to cyber-attacks. First, these companies are often young and have limited resources to invest in security. Second, they may be working on cutting-edge technologies that are not yet well-understood, which makes them more susceptible to attack. Third, venture capital-backed companies often have a large number of third-party vendors, which can create a complex and fragmented security environment.
Some of the most common cyber attacks that target venture capital-backed portfolios include:
- Ransomware: This type of attack involves encrypting a company’s data and demanding a ransom payment in order to decrypt it.
- Phishing: This type of attack involves sending emails or text messages that appear to be from a legitimate source in order to trick the recipient into clicking on a malicious link or providing personal information.
- Data breaches: This type of attack involves unauthorized access to a company’s sensitive data.
The consequences of a cyber attack on a venture capital-backed portfolio can be devastating. In addition to the financial cost of the attack, companies may also lose customers, suffer reputational damage, and have difficulty raising additional capital.
There are a number of steps that venture capital-backed companies can take to protect themselves from cyber-attacks. These include:
- Investing in strong security measures, such as firewalls, intrusion detection systems, and data encryption.
- Educating employees about cyber threats and how to spot phishing emails and other scams.
- Conducting regular security audits to identify and fix vulnerabilities.
- Working with third-party vendors that have a strong security track record.
In addition to the steps listed above, venture capital-backed companies should also consider implementing the following measures:
- Use multi-factor authentication (MFA) for all user accounts
- Keep software up to date with the latest security patches
- Segment their network to limit the impact of a breach
- Have a plan for responding to a cyber attack
By taking these steps, venture capital-backed companies can help to mitigate the risk of a cyber-attack and protect their sensitive data.
DynaRisk reported that it analysed the portfolio companies of the following funds:
Albion Capital, Amadeus Capital, Anthemis, ARIE Capital, Ascension Ventures, Augmentum Fintech Management, Axc (axeleo Capital), Basinghall, Better Ventures, BGF, Britbots, British Design Fund, Cherry Ventures, Committed Capital, Concept VC, Cornerstone, Deepbridge Capital, DSW Ventures, EMV Capital, Endeavour Ventures, Episode 1, Exponential Group, Finch Capital, Flint Capital, Fom venture Capital, Foresight, Forward, Fuel Ventures, Hambro Perks, Hoxton Ventures, Hummingbird, Imbiba, Impact Venture, Index Ventures, InReach Ventures, Insurtech Gateway, IW Capital, Jam Jar Investments, Jenson Funsing Partners, Kelvin Capital, Kindred, KPN Ventures, Martlet Capital, Maven, Mayfair Equity, Mercia, MMC Ventures, Molten, Moonfire Ventures, Moscar, NBS Ventures, Newable, Northzone, o2h Ventures, Octopus Ventures, Omnes Capital, Oxford Technology, Parkwalk, Portage, PROfounders Capital, QED, QVentures, RCP, Redline Capital Management, SFC Capital, Speedinvest, SuperSeed, Sure Ventures, Sway Ventures, Symvan Capital, Syndicate Room, The SidebySide Partnership, Triple Point Ventures, TrueSight, Worth Capital.
To view the risk profile of VC portfolio companies, visit here.
