Asset Management Firms Lacking in Cybersecurity Awareness5 Nov
You know that Charles Schwab commercial where the young boy is asking questions to his father about his asset management firm? The boy continually asks “Why not?” to which the father has no real answer. The commercial concludes by saying, “Are you asking enough questions about the way your wealth is managed?”
While this commercial speaks mostly to how happy you are with your firm and how they manage and grow your wealth, it brings up another interesting question – is your asset or fund management company doing enough to protect your data and your money from cyber crime? Not to mention the risk of fraudulent trading that could bring the financial system to its knees?
Cybersecurity is a hot topic in the news today not only because of recent attacks on major retailers but also due to the United States Congress passing cybersecurity legislation. The SEC is the governing body of the financial industry and while they do have some standards when it comes to cybersecurity, asset management companies and fund managers themselves haven’t been taking as much precaution as they should.
Sure, you want your wealth management firm focusing on, well, managing and growing your wealth, but if someone hacks into their system and steals all that hard earned money you wouldn’t be too happy regardless.
As one of the most prominently scrutinized industries since the housing bubble and subsequent financial crisis, asset management firms are starting to realize it’s time to get more serious about cybersecurity, even if they haven’t made major strides quite yet. Either way, the first step to solving a problem is identifying there is one.
In a recent Q&A on Financier Worldwide Scott Laughlin, an associate with Hogan Lowells US LLP and Mike Gillespie, Managing Director at Advent IM Ltd, discussed the concerns, or lack thereof, within the asset management industry about cyber crime.
Loughlin stated, “Pressed by the time pressures of a deal, buyers often do not focus on cyber security risks facing the seller during due diligence. This is a mistake as a company’s cyber security capabilities can affect the value of a company or even the viability of the transaction itself. “
Gillespie shared similar sentiments about the lack of due diligence when it comes to cybersecurity, “I would be surprised if there is much done in terms of cyber due diligence in M&A, and would also be surprised if there was any major skill or experience in investigating cyber threats. This represents a significant vulnerability to the client, as the cyber security posture of any party in an M&A situation could have a huge impact on reputation as well as all other business functions. “
So, what can be done in order to decrease the risk or a cyber attack in this environment? PwC came up with six steps that would help, several of which stand out:
Clarify Roles and Responsibilities from the top down
People like to know where they stand and what their specific responsibilities are. Creating expectations for everyone involved allows for better response if there is an attempted or successful attack.
Create a cyber-incident response team
Of course, we need to have specific people or teams in place to take action if there are clear vulnerabilities or an attack has occurred.
Nurture and share skills
Educating and sharing knowledge puts asset managers on a path to overall cybersecurity success. It’s important to continually educate about new tactics or cybersecurity methods.
As a whole, most industries are making strides towards better overall security even if we don’t see it on a day-to-day basis. The word “hacking” is a new term to many people, and even though many of us use the Internet on a daily basis we really don’t understand how it works or the pitfalls that accompany it. Our false sense of security comes from either a lack of knowledge or full blown ignorance, but with time we will all become more diligent and forceful against cyber attacks as we become more familiar with the digital world.