The Hidden Risk of Private Credit

With the private credit boom continuing in 2026, funds should view cybersecurity as a key liquidity risk.

Private credit’s unprecedented growth as an asset class was a key theme of 2025, and it isn’t showing signs of slowing down. As investors continue to chase higher yields and small and medium-sized enterprises (SMEs) look for private alternatives to strictly regulated bank lending, the market is predicted to almost double, from $2.3 trillion in late 2025, to $4.5 trillion in 2030. As the direct lending market surges, however, some analysts are questioning whether enough focus is being given to cybersecurity as an acute investment risk.

The rise of private credit

Following the 2008 financial crisis, banking regulations significantly constrained traditional bank lending to SMEs, with higher capital requirements and stricter risk management standards imposed on lenders. This restriction of traditional bank lending opened the door for private credit to emerge as a crucial source of financing for mid-market companies. According to Market Intelo, SMEs now represent the largest borrower group, accounting for approximately 55% of total loan origination volume in 2024.

Private credit offers SMEs several advantages over traditional bank loans: greater flexibility in loan terms; faster transaction execution; more relaxed lending standards for businesses with less-established credit histories; customised financing solutions, including mezzanine financing and asset-based lending; and relationship-based approaches that better understand SME business models.

SMEs under cyber attack

SMEs are one of the primary recipients of private credit but, in recent years, they have also become the primary targets of modern cyberattacks.

A Focus Group Report indicates 50% of UK businesses were targeted by cyberattacks in 2024, including 18% of micro businesses, 25% of small businesses and 43% of medium businesses. Reinforcing this message, TwentyFour IT Statistics show that 81% of all UK businesses that suffer from cybersecurity attacks are SMEs.

This is reinforced by a report from Vodafone Business, stating that SMEs throughout the United Kingdom are incurring annual losses amounting to £3.4 billion due to inadequate cybersecurity measures. Cyberattacks against SMEs have surged in recent years, with more than a third (35%) experiencing a cyber incident in 2024 alone, while 32% apparently have no cybersecurity protections in place at all.

When a cyber incident becomes a debt crisis

When an attack takes place, there’s often a reduction in the ability of the organisation to service debt arising from the short and long-term impact of the event:

• Immediate revenue loss: Systems downtime, production stoppages, and website outages, directly eliminate revenue generation. Even brief incidents create substantial revenue gaps that impact scheduled debt payments as systems outages halt invoicing, payments and sales.
• Recovery and remediation costs: These unplanned expenses must be funded through available cash, drawing down credit lines, or deferring other obligations (including debt service).
• Ransom payments: SMEs face impossible choices between paying extortion demands or accepting extended operational disruptions.
• Regulatory penalties and legal costs: Data breaches may trigger regulatory fines. Affected businesses also face lawsuits from customers, partners, and shareholders, further draining financial resources needed for debt service.

Cyber risk is therefore increasingly relevant to both the GP underwriting discipline and LP capital protection, as cyberattacks on SMEs have a direct impact on debt-service capacity.

For SME borrowers that rely on private credit, cyberattacks are no longer tail risks but risks that sit firmly within their area of interest and responsibility. They are frequent, disruptive and financially material, capable of impairing debt service even when the underlying business fundamentals remain sound. 

For both GPs and LPs, cybersecurity has become inseparable from credit quality – not as a technology concern, but as a driver of cash-flow durability, covenant performance and capital preservation.

For more information on the hidden risks behind private credit, plus a broader view of the private equity outlook for 2026, please view the Thomas Murray white paper, Cyber Risk is Driving Portfolio Valuation in 2026.