When Investors Ask the Cyber Question A Cost-Benefit Framework for Private Equity and Hedge Fund Managers
What LPs Are Asking and Why It Matters Now According to the Private Funds CFO Insights Survey 2025, LP scrutiny of cybersecurity has increased materially. Forty-seven percent of CFOs report that investor questions about cybersecurity have risen over the past 12 months. Ninety-one percent say LPs are asking very detailed or moderately detailed questions during due diligence, and roughly two-thirds report that LPs always or sometimes ask about cyberattack readiness policies. This scrutiny is no longer abstract. The questions LPs raise are increasingly specific, documented, and standardized. Industry due diligence questionnaires used across private equity and hedge fund investing have expanded their focus on technology risk, governance, and cybersecurity practices, reflecting how central these issues have become to fund oversight. When LPs send these questionnaires, they are typically asking practical questions. What frameworks are followed. What certifications or attestations can be demonstrated. How cyber risk is assessed across the portfolio. What incident response procedures are formally documented. These questions are no longer satisfied by narrative explanations. They require evidence. This shift has also become more structural. The ESG Data Convergence Initiative, which includes more than 500 participating GPs and LPs representing approximately $59 trillion in assets under management, has introduced cybersecurity as a formal metric for its 2026 reporting cycle. Portfolio companies are asked to document specific cyber risk management activities, with results benchmarked across the initiative’s dataset. For fund managers, the implication is straightforward. LPs are increasingly able to compare cybersecurity posture across portfolios using consistent formats. Where portfolio companies cannot document their practices in ways LPs recognize, fundraising discussions tend to become more difficult, particularly when compared with peers that can provide clearer evidence. The same survey indicates that a majority of CFOs believe strong cybersecurity protocols are now considered baseline expectations by investors. Against this backdrop, two practical questions follow. What does it cost when portfolio companies or targets cannot answer the cyber question clearly. And what is the most efficient way to establish documented cyber governance at a cost that makes economic sense.