Back to Blog

Cyber-crime tests the mettle of asset managers

The scale of the damage being inflicted on the world economy by cyber-criminals should not be underestimated. The losses incurred by cyber-crime globally are forecast to reach $10.5 trillion by 2025.
Jeremy Siegel
divider round bottom

The scale of the damage being inflicted on the world economy by cyber-criminals should not be underestimated. According to data from Cybersecurity Ventures, a research company, the losses incurred by cyber-crime globally are forecast to reach $10.5 trillion by 2025, up from $3 trillion in 2015.  In other words, the economic costs of cyber-crime by 2025 are projected to be larger than Japan’s entire GDP. With the volume and sophistication of cyber-attacks rising exponentially, asset managers need to ensure they have processes in place to protect both themselves and their clients from such attacks.

Asset managers remain acutely vulnerable

Experts argue asset and wealth management companies – owing to their healthy AuM (assets under management) growth over the last few years – are being targeted more aggressively by opportunistic cyber-criminals. The industry is also acutely vulnerable because traditional financial institutions – principally banks and market infrastructures  - are ploughing industrial amounts of resources into propping up their cyber-defences -  meaning they are broadly well-protected against most threats, forcing criminal groups to look for weaknesses elsewhere.  In contrast to major banks, many asset managers simply do not have deep enough pockets to invest into best-in-class cyber-security systems. Consequentially this makes investment firms  a ripe target for cyber-criminals.

Cyber-attacks adopt many different guises – including DDOS (distributed denial of service), malware, ransomware, trojans, spyware, viruses, worms,  keyloggers, bots and crypto-jacking. In most cases, the majority of cyber-attacks can be prevented through the adoption of best technology practices (i.e. carrying out software updates in good time; installing malware and virus protection onto work devices; using VPNs when logged onto public Wi-Fi networks;  prohibiting the use of personal devices for work purposes etc.).  

However, successful hacks do and will happen and no manager – irrespective of AuM size or the capabilities of their cyber-defences – is immune.  As such, it is critical investment firms purchase quality cyber-insurance as this can help mitigate some of the damage (both financial and physical) from hacks.  It is also essential firms have internal policies and procedures in place on what to do should there be a serious hack, and ensure these are tested on a regular basis. And finally, managers must be totally transparent with their clients (and regulators) if they do fall victim to cyber-criminals.

Humans are often the biggest weakness

One of the most common types of attack nowadays is phishing, which is both low cost and low-tech, but highly effective. Phishing can be split into several buckets – namely spear or whale phishing (targeting specific C-suite executives),  vishing (when fraudsters target victims on the phone) and email phishing (i.e. the use of scam emails). With the pandemic, phishing has become increasingly ubiquitous – especially as criminals are exploiting the COVID-19 uncertainty to lure victims into revealing sensitive or proprietary information.

Accordingly, fund managers need to have mechanisms in place to reduce the likelihood of employees succumbing to these sorts of scams. Education is therefore paramount. A number of financial institutions will routinely conduct mock phishing exercises to test employees’ cyber-awareness, with any shortcomings being subsequently remedied. Such policies are vital, especially as investors and regulators want more evidence from managers that they adopt proper cyber safeguards.

Most hacks are avoidable -  assuming investment firms implement basic cyber-protections and teach their staff about how to ward off phishing attempts. Unfortunately, hacks will happen, and this is unavoidable. While it is important managers adopt preventative  cyber-security measures, it is equally important that they have the tools to respond to breaches as and when they occur.

Share on social media: 

More from the Blog

Crises force firms to prioritise resilience

Two black swan events have unfolded in the space of just two years - sparking not just unprecedented market volatility but upsetting global supply chains in their wake. Consequentially, asset managers now need to re-think their technology outsourcing models if they are to insulate their businesses from extreme risks.

Read Story

Cloud computing unlocks opportunities for asset managers

Cloud-based technologies confer on asset managers a number of operational and strategic benefits at a time when their margins are being badly squeezed.

Read Story

Ransomware threat continues to draw concern in the financial sector

Ransomware is a significant concern for any firm that holds sensitive data and there has been a 1400% increase in cyber-attacks reported to the FCA since 2014.

Read Story