Every company with venture capital (VC) investments that has a presence in London also has cyber security issues that could leave them exposed to hacking activity, with 65% (of the 5,482 companies surveyed) exhibiting ‘high’ risk signals and 8.6% exhibiting ‘critical’ signals, according to a report by cyber security software firm DynaRisk, which conducted the survey.

These alarming statistics, it argues, indicate that every VC fund has a number of companies in its portfolio that are highly susceptible to cyber attacks. Examples of risk signals can include data breaches, the use of outdated and vulnerable software, and indications of hacker chatter on the dark web. These are all well-known drivers of hacking activity.

A successful cyber attack can cause a potentially existential risk to a business by impacting its ability to operate, damaging its reputation or suffering large financial losses from hundreds of thousands to millions of pounds. It can also lead to greatly reduced shareholder value due to declining revenue from the loss of customers and intellectual property and the risk of the company being hit with regulatory fines and lawsuits.

The need for comprehensive cyber risk monitoring has never been clearer, the report states. One particularly notable case cited in the report involved a fintech portfolio company. In November 2020, the security firm observed a critical vulnerability in the company’s system. Subsequently, in February 2021, the company announced a £5.5 million (US$7 million) fundraise led by a UK VC fund, and in May 2021, the portfolio company fell victim to a ransom attack.

“Had this fund been monitoring the company for cyber risks during the due diligence stage or after joining the company’s board, the hack could have been prevented, and the risks to the business greatly reduced,” notes Andrew Martin, the security firm’s CEO. “The fund had a total of 139 days to identify the issue and help the portfolio company fix it.”