September 21, 2020

Volume X, Number 265

September 18, 2020

Subscribe to Latest Legal News and Analysis

Asset Managers and Cybersecurity Risk Management

As if 2016 wasn’t challenging enough for asset managers, the rise in Cybersecurity risk has certainly become increasingly prevalent.  As our industry continues to depend on digital platforms for real time processing from everything from data storage to clearing, asset managers must realize that the threat of a security breach is no longer just about “stealing” but more about destruction and disruption.  According to market data, in 2015, our industry suffered well above a 100 percent increase in cyber attacks and worse yet, 98 percent of current web applications are “breachable.”  If we are in fact destined to become an industry with compounded digital platforms, the ability to manage Cybersecurity risk on a fund and third party service provider level is significantly diminished.

Here are some helpful tips for asset managers:

  • Focus on what is your most valuable asset.  Everyone appears to have a very different view on what this is;

  • Understand your infrastructure, where the assets are kept, who has access to it, and how you are sharing data or transferring assets;

  • Train your team and encourage them to report any suspicious emails or glitches.  Cyber attacks are reportedly happening faster.  One email is enough to permit Malware.  Once access to your computer is achieved, the entire database is at risk.  Take the time to train your team with a simple practical set of risks and action plans.  Carefully consider the best training program for your team since lengthy on-screen tutorials may not be the best approach for group’s with access to sensitive data since people are more likely to click to the end without retaining much of the information;

  • Hire outside counsel with an expertise in this area.  Your outside counsel will advise you on current regulation, case law and sanctions/fines.  Furthermore, your outside counsel will guide you in creating an appropriate set of procedures.  In the event of a breach, your lawyers will assist you in managing the process and dealing with your investors, the FBI and regulators.  Reputational risk may be the least of your worries;

  • Cybersecurity is a major threat.  Don’t become complacent. Regulators will expect actual policies and procedures and investors will invest their capital with asset managers who are taking the protection of their data and assets seriously;

  • Hire the experts to assist you in creating an action plan.  Something as simple as a secure communication tool or multi-factor authentication program can make the difference.  Use layered protection because one program may not protect you as we continue to compound digital platforms on the asset manager and third party provider levels.

©2020 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume VI, Number 103


About this Author

Nanette Aguire, Greenberg Traurigh Law Firm, New York, Finance Law Attorney

Nanette Aguirre concentrates on derivatives and structured products. Her experience includes negotiating all forms of international derivative (ISDA), trading and prime brokerage agreements with global institutions. Additionally, she regularly advises on regulatory issues affecting the derivatives market, including without limitation, Dodd Frank and related cross border regulation.

She has structured and negotiated finance and derivative transactions (including Indian and Chinese swaps, and generally, credit and fund-linked derivatives, loan,...