Back to Blog

Cyber-crime tests the mettle of asset managers

The scale of the damage being inflicted on the world economy by cyber-criminals should not be underestimated. The losses incurred by cyber-crime globally are forecast to reach $10.5 trillion by 2025.
Jeremy Siegel
divider round bottom

The scale of the damage being inflicted on the world economy by cyber-criminals should not be underestimated. According to data from Cybersecurity Ventures, a research company, the losses incurred by cyber-crime globally are forecast to reach $10.5 trillion by 2025, up from $3 trillion in 2015.  In other words, the economic costs of cyber-crime by 2025 are projected to be larger than Japan’s entire GDP. With the volume and sophistication of cyber-attacks rising exponentially, asset managers need to ensure they have processes in place to protect both themselves and their clients from such attacks.

Asset managers remain acutely vulnerable

Experts argue asset and wealth management companies – owing to their healthy AuM (assets under management) growth over the last few years – are being targeted more aggressively by opportunistic cyber-criminals. The industry is also acutely vulnerable because traditional financial institutions – principally banks and market infrastructures  - are ploughing industrial amounts of resources into propping up their cyber-defences -  meaning they are broadly well-protected against most threats, forcing criminal groups to look for weaknesses elsewhere.  In contrast to major banks, many asset managers simply do not have deep enough pockets to invest into best-in-class cyber-security systems. Consequentially this makes investment firms  a ripe target for cyber-criminals.

Cyber-attacks adopt many different guises – including DDOS (distributed denial of service), malware, ransomware, trojans, spyware, viruses, worms,  keyloggers, bots and crypto-jacking. In most cases, the majority of cyber-attacks can be prevented through the adoption of best technology practices (i.e. carrying out software updates in good time; installing malware and virus protection onto work devices; using VPNs when logged onto public Wi-Fi networks;  prohibiting the use of personal devices for work purposes etc.).  

However, successful hacks do and will happen and no manager – irrespective of AuM size or the capabilities of their cyber-defences – is immune.  As such, it is critical investment firms purchase quality cyber-insurance as this can help mitigate some of the damage (both financial and physical) from hacks.  It is also essential firms have internal policies and procedures in place on what to do should there be a serious hack, and ensure these are tested on a regular basis. And finally, managers must be totally transparent with their clients (and regulators) if they do fall victim to cyber-criminals.

Humans are often the biggest weakness

One of the most common types of attack nowadays is phishing, which is both low cost and low-tech, but highly effective. Phishing can be split into several buckets – namely spear or whale phishing (targeting specific C-suite executives),  vishing (when fraudsters target victims on the phone) and email phishing (i.e. the use of scam emails). With the pandemic, phishing has become increasingly ubiquitous – especially as criminals are exploiting the COVID-19 uncertainty to lure victims into revealing sensitive or proprietary information.

Accordingly, fund managers need to have mechanisms in place to reduce the likelihood of employees succumbing to these sorts of scams. Education is therefore paramount. A number of financial institutions will routinely conduct mock phishing exercises to test employees’ cyber-awareness, with any shortcomings being subsequently remedied. Such policies are vital, especially as investors and regulators want more evidence from managers that they adopt proper cyber safeguards.

Most hacks are avoidable -  assuming investment firms implement basic cyber-protections and teach their staff about how to ward off phishing attempts. Unfortunately, hacks will happen, and this is unavoidable. While it is important managers adopt preventative  cyber-security measures, it is equally important that they have the tools to respond to breaches as and when they occur.

Share on social media: 

More from the Blog

Portfolio BI named ‘Best OMS’ at the With Intelligence HFM US Service Awards 2022

Portfolio BI, a leading provider of front-to-back platform solutions for order management, portfolio management, data management, reporting, and public cloud services and support for the buy-side has announced its success as ‘Best OMS’ at the With Intelligence HFM US Service Awards, held in New York this week.

Read Story

The complexity IFPR and ICARA reporting requires a robust data management strategy

Regulatory reporting obligations have created a plethora of challenges across different organisations within the financial service industry, from insurers and banks to asset managers and payment processing firms

Read Story

The SEC revamps Form PF

Introduced under the Dodd-Frank Act as a mechanism to enable US regulators to proactively identify build-ups of systemic risk in the private funds industry

Read Story