News & Alerts

Overcoming the challenges of managing cyber security within the asset management industry

As fund complexity increases, so too does the importance of robust technology. Firms must meet both regulatory requirements and heightened investor demands, all the while facing an increasing risk of cyber-attacks. With an ever-growing supply of software, systems and automations, cyber-attacks now pose an immediate and significant threat to fund managers, who are actively looking to leverage best-in-class technology systems that offer advanced connectivity.

Embracing advanced technologies, such as Artificial Intelligence (AI), means recognizing their dual nature; while AI can enhance cyber security through automated defenses, its unregulated use can create new vulnerabilities. Upcoming regulations highlight the need to balance the benefits of AI with the mitigation of its inherent risks.
Albert Chin discusses managing cybersecurity challenges in asset management – FundBank

Cyber security continues to be a top priority from a regulatory perspective, particularly for fund managers. They must adhere to strict guidelines put in place by global regulators to safeguard financial data and Personally Identifiable Information (PII). Non-compliance is not an option and laws such as the General Data Protection Regulation (GDPR) mandate robust cyber security measures. Failure to comply with GDPR can lead to significant penalties and, in addition, the European Union is strengthening its regulatory framework with regards to the Digital Operational Resilience Act (DORA), aiming to ensure all financial system participants can effectively guard against cyber-attacks. DORA’s rules will be fully enforceable from 17 January 2025.

Today, cyber security is no longer solely the responsibility of the IT and Technology team, it is the responsibility of all employees, from entry-level to board-level, to ensure that any form of risk is mitigated.

Top Strategies for Enhancing Cybersecurity in Asset Management and Banking

There are numerous strategies that the asset management and banking industries can utilize to help ensure that cyber security management is both prioritized and best-in-class. We have set out these strategies below:

Risk assessment and management

Conducting regular and comprehensive overall risk assessments is essential in order to identify potential vulnerabilities and threats. Firms must prioritize risks based on their potential impact and likelihood of occurrence and then develop and implement their mitigation strategies accordingly.

Strong authentication and access controls

It is crucial to implement multi-factor authentication (MFA) and strong password policies to control access to sensitive systems and data. The Zero Trust Model and Least Privilege Access are two examples of limiting access privileges based on roles and responsibilities, ensuring that employees only have access to the information necessary for their job functions.

Regular security audits and penetration testing

Firms should conduct regular security audits and penetration testing to identify weaknesses in their systems, networks, and applications. Addressing any vulnerabilities promptly and implementing patches and updates is essential to maintain good cyber security.

Employee training and awareness

Firms are only as strong as their most vulnerable element, which is frequently the employee. Educating employees about cyber security best practices is critical. Training may include how to recognize phishing attempts, the importance of strong passwords, and the risks associated with sharing sensitive information. Desktop training exercises expose users to real-life scenarios and best practices. Cultivating a culture of security awareness throughout the organization is essential.

Incident response planning and testing

It is recommended that firms develop and regularly update an incident response plan that outlines procedures for detecting, responding to, and recovering from cyber security incidents. It is also important to ensure that employees receive training on their specific roles and responsibilities during a security breach. Testing the incident response plan should include detailed procedures for each role to ensure all employees know what actions to take and when.

Vendor management

It is important to examine and monitor third and fourth-party vendors and service providers to ensure they meet cyber security standards and comply with regulatory requirements. Firms should establish contractual agreements that outline security expectations and responsibilities.

Data encryption and protection

Encrypting sensitive data to protect it from unauthorized access both in transit and at rest is a key element of good cyber security. Firms must ensure that they implement data classification and data loss prevention (DLP) solutions to monitor and control the flow of sensitive information within the organization.

Continuous monitoring and threat intelligence

Implementing advanced security tools and technologies allows for real-time detection of potential network vulnerabilities, as well as monitoring of network traffic, system logs, and user activities. Utilizing threat intelligence feeds keeps firms updated on emerging threats and vulnerabilities.

Compliance and regulatory compliance

Staying abreast of relevant regulations and compliance requirements, such as GDPR, DORA, and others applicable to the asset management industry is essential, along with ensuring that cyber security practices align with regulatory standards and industry best practices.

Executive leadership and governance

Firms should establish clear governance structures and identify senior executives that are responsible for cyber security oversight. It is important to ensure that cyber security initiatives align with business objectives and receive adequate support and resources from executive leadership.

FundBank’s commitment to cybersecurity and risk mitigation

Albert Chin, Senior Vice President, Operations commented:

“”

At FundBank, we take our role in the prevention of cyber security attacks extremely seriously and are committed to minimizing risk and ensuring the security of our customers’ information.

We prioritize cyber security through ongoing investment in advanced technologies and rigorous protocols and our efforts are led by our strong and experienced technology team.

If you would like to find out more about how FundBank is working with its clients to mitigate cyber security risk, please reach out to us today.

Contact Us
Share:

More like this

The FundBank Spotlight London

FundBank was delighted to host the latest in its series of the FundBank Spotlight in London this week.
Read more

FundBank launches in the U.S.

Today marks a significant milestone for U.S. banking services with the official launch of FundBank N.A. (hereinafter referred to as…
Read more

Do you HODL?

On October 9th, 2024 our FundBank team was delighted to host a breakfast discussion to over 75 of our industry…
Read more