Asset management firms are experts at leveraging innovative opportunities to minimise risk and maximise returns. This drive for secure and substantial investments can even extend to changing the company’s base of operations. For example, Bloomberg recently reported that, in the U.S., Goldman Sachs Group Inc. was considering moving its asset management division from New York to Florida in order to benefit from tax advantages and other perks.
Here in the U.K., according to a recent report from Reuters, Chancellor of the Exchequer Rishi Sunak spoke at an event hosted by The Investment Association. Sunak said the British government was determined to retain the United Kingdom’s status as an asset management leader.
We hope to remain in that position. It’s clear that change is a constant in this industry. That means cyber security has to keep up with disruptions in the asset management space. Any substantial organisational change can alter the security posture of a company, so it’s imperative that leaders in this sector have a firm understanding of the cyber security threat landscape and how they’ll handle those concerns.
Cyber Threats Facing Asset Management Firms
Asset management firms handle a wealth of valuable personal information and financial data, which can make them a high-priority target. So what cyber threats do they face?
Who Is a Threat?
To begin with, we should examine which agents pose the greatest potential threat for asset management cyber security. A 2018 report from KPMG and The Investment Association identified two main potential sources for cyber threats:
- Organised criminal enterprises.
- Inside users who have privileged access.
These findings underscore a couple of main points. The first is that asset management firms are targeted by sophisticated perpetrators who may run large-scale campaigns. The second is that insider threats are a real and present possibility.
What Threats Do Asset Management Firms Encounter?
An article published by the Harvard Law School Forum on Corporate Governance in 2019 identified recent cyber crimes that impacted asset management firms.
In particular, the authors pointed out that recurring threats included:
- Business email compromise directed at executives.
- Spear-phishing efforts that deployed malware.
Firms may also experience highly sophisticated attacks. Citing a report from The Wall Street Journal, the Harvard article described one attempted incident in which the perpetrators used artificial intelligence to impersonate a CEO’s voice.
Even the most mundane and expected cyber threats need to be taken seriously, but the message is clear: Asset management firms face a barrage of cyber threats, both commonplace and extraordinary in nature.
What Is the Potential Scope of Damage for Asset Management Firms?
Failure to achieve sufficient cyber security protections can result in a variety of consequences for asset management organisations. The most obvious potential loss comes from the immediate financial impact of the attack: in other words, the money that scammers pocketed.
But far more devastating consequences could be just around the corner after a cyber incident, ranging from regulatory action to loss of business stemming from the breach of trust experienced by the firm’s customers. Without their reputation intact, asset management firms can struggle to attract and retain customers.
Strategies for Enhanced Asset Management Cyber Security
Asset management cyber security initiatives have to protect against both internal and external threats. At the same time, precautions must be put in place to prevent incursions from simplistic, volume-based campaigns as well as highly orchestrated efforts designed to circumvent multiple security barriers. As we’ve seen, the stakes are high. So what can asset management firms do to protect themselves?
Recognise the Threat From Within
Do not underestimate the potential for a cyber attack carried out from inside the firm. Use the most restrictive level of permissions possible for sensitive data, and limit access to individuals who have the proper clearance. Require authentication, too, and maintain the integrity of audit trails.
Nurture Good Governance
A 2018 study of wholesale banks and asset management firms conducted by the Financial Conduct Authority emphasised the importance of integrating cyber security concerns with decision-making authority. The report also noted that decentralised vendor procurement, with input from a wider variety of stakeholders, could help mitigate risk.
Remain Agile and Adaptable
Asset management companies acquire, integrate, divest from and merge companies, as well as handle other investments to achieve maximum value. As such, it’s important that security considerations in this sector are adaptable and flexible enough to match the agile nature of the businesses they serve. Security solutions must be able to protect investment opportunities throughout the various stages of this life cycle to ensure that all risks are understood and managed effectively. This will help protect the value of the investment across time.
Sharing Resources and Looking to the Future
The report from The Insurance Association and KPMG also noted that shared resources across the asset management sector — including threat intelligence — could benefit all parties. Additionally, firms were advised to assess how new technologies and other disruptions in the industry could allow for new and unexpected vulnerabilities.
Outside cyber security experts can offer a distinct advantage for asset management firms as they seek to address the rising tide of threats they face. Working with independent consultants and other professionals can help you address your vulnerabilities and enhance your security culture. Find out how Saphisle can play a role in your company’s cyber security strategy.