Asset owners demand info on cybersecurity processes
Skip to main content
pilogo-NEW
Subscribe
  • Subscribe
  • My Account
  • login
  • NEWS
    • Asset owners and the coronavirus
    • Alternatives
    • Consultants
    • Coronavirus
    • Defined Contribution
    • ESG
    • Frontlines
    • Hedge Funds
    • Investing / Portfolio Strategies
    • Money Management
    • Pension Funds
    • People Moves
    • Private Equity
    • Real Estate
    • Searches & Hires News
    • SECURE Act
    • Special Reports
    • WorldPensionSummit
    • Ron Schmitz
      Pandemic drives faster transition for Virginia to private markets
      Mubadala Investment Co. logo
      Mubadala draws on portfolio in coronavirus fight
      T.J. Carlson
      Texas Muni reduces downside risk during pandemic, finding opportunities now
      Scott Davis
      ‘Triage plan’ at Indiana system helped stem losses
    • Non-profit questions dividend recapitalization play at Ares portfolio company
      Walker & Dunlop appoints managing director
      Digital Alpha raises more than $1 billion for infrastructure fund
      A healthcare worker provides care for a COVID-19 patient in the intensive care unit at the Saint Joseph hospital in Marseille, France, on Nov. 20, 2020.
      Private equity’s health-care role draws spotlight
    • Philip Pearson
      Hymans Robertson chooses head of LGPS investment
      Daniel Celeghin
      Indefi hires New York-based managing partner
      Hub International continues buying spree with IBG acquisition
      Callan brings on 2 executives
    • Insurers taking on more portfolio risk as pandemic ebbs – survey
      American flags outside the New York Stock Exchange
      Stock shorts collapse as no hedge fund wants ‘head ripped off’
      Michelle Dunstan
      Move to link exec pay to ESG integration growing
      The J.P. Morgan Chase logo displayed at a branch bank
      J.P. Morgan sells $13 billion of bonds in largest-ever bank deal
    • Pentegra joins with EPIC to offer 3(16) fiduciary services
      Joseph Healy
      Smaller DC plans place greater focus on improving financial wellness efforts
      Interest rises in keeping retiree assets in-plan
      Pentegra launches pooled employer plan
    • Yale rolls out 5 principles for endowment on fossil-fuel investing
      Pension funds hear from beneficiaries on ESG – report
      Ivanhoe Cambridge sets 2040 net-zero carbon goal
      Church Commissioners set 25% emissions reduction target by 2025
    • Riscura stories
      Dystopian tales explore altered retirement reality
      Joel Holsinger
      Ares wants to do good – and profit – with fund
      Girls Who Invest
      MetLife plans 3 internships for Girls Who Invest scholars
      Model home
      Resmark sees niche in buying, leasing model homes
    • Karen Karniol-Tambour
      Bridgewater appoints 2 co-CIOs to oversee new sustainable investing group
      Hedge funds post best first-quarter return since 2000
      Jason Kephart
      Managers see good times ahead in 2021
      Jev Mehmet, CEO of Brevan Howard's Coremont unit
      Brevan Howard runs $50 billion unit like BlackRock’s Aladdin
    • Yale rolls out 5 principles for endowment on fossil-fuel investing
      Appeals court sides with fiduciaries in Edison stock-drop suit
      Insurers taking on more portfolio risk as pandemic ebbs – survey
    • Bill Hench
      First Eagle gives wing to small-cap equity team with liftout from Royce
       Kaitlin M. May
      Putnam Investments names head of global institutional management
      Paul Griffiths
      HSBC Asset Management selects next global head of institutional business
      Alex Bernhardt
      BNP Paribas AM picks global head of sustainability research
    • PennPSERS taps Verus for oversight consulting services amid probe
      State pension plan funding advances in first quarter – Wilshire
      Sacramento County Employees rebalances equity, fixed-income portfolios
      CAAT pension plan scores 11.1% gain in 2020
    • Walker & Dunlop appoints managing director
      Bill Hench
      First Eagle gives wing to small-cap equity team with liftout from Royce
      Philip Pearson
      Hymans Robertson chooses head of LGPS investment
       Kaitlin M. May
      Putnam Investments names head of global institutional management
    • European private equity deal value, volume hit records for first quarter
      Paul Morrissey
      Blackstone Growth picks managing director to lead European investing
      Bills of euro, dollar and pound currencies, among others
      Ardian closes latest buyout fund at $8.8 billion
      Hand typing on stationary iPhone at an office reception desk
      Private equity’s taste for tech spurs $80 billion deal spree
    • BentallGreenOak closes latest European fund at $2.3 billion
      Cohen & Steers adds team for new private real estate business
      Australia’s Centuria makes takeover bid for Primewest
      CalSTRS indutrial property
      Investors hungry for industrial properties
    • Andy Schreiner
      New PEPs targeting firms without retirement plans
      Jackie Walorski
      Contribution catch-up for caregivers gaining favor
      Neal and Brady
      Retirement security could be only issue both sides accept
      Retirement cartoon
      Hopes rising for retirement readiness in 2021
    • A coin representing Bitcoin cryptocurrency in the U.K.
      Cryptocurrency and digital assets
      Corporate pension contributions
      Eddy Awards 2021
      COVID-19: One year in
    • U.S. still a key market for investors
      Collected coverage of P&I's 2020 WorldPensionSummit
      Pedestrians pass a large advertisement on the Arndale Center shopping mall reading 'Act now to avoid a local lockdown' in Manchester, England
      COVID-19 puts new opportunities and risks on the agenda - WPS panelists
      Screens display stock price information over the trading floor of the NYSE Euronext exchange in Paris
      Private assets will continue to grow in portfolios – WPS panelists
  • Data
    • Research Center
    • Searches & Hires Database
    • Searches & Hires News
    • RFPs
    • Charts / Infographics
    • Sponsored Research
    • Trackers
    • Q2 2020 searches and hires overview report
      Q2 2020 money manager M&A activity summary
      Q2 2020 legal overview report
      Q1 2020 searches and hires overview report
    • Rhode Island commits $25 million to buyout fund
      Chicago Policemen on lookout for passive manager
      Iowa Public Employees seeks investment consultant
      New York State Common slates $400 million for renewable energy
    • Rhode Island commits $25 million to buyout fund
      Chicago Policemen on lookout for passive manager
      Iowa Public Employees seeks investment consultant
      New York State Common slates $400 million for renewable energy
    • Emerging Market Debt Manager Services
      Real Assets Consultant
      Passive Investment Management Services
      Active Extended Global Credit Manager Search
    • High-yield spreads narrow, default rates drop
      Private real estate funds continue rebound
      Managed account adoption stalls in 2020
      U.S. bonds have worst quarterly return since 1981
    • Institutional Investors: Shared Expectations, Divergent Paths
      Global Investor Study 2016
      Workplace Financial Wellness
    • U.S. Endowment Returns Tracker
      Pension Fund Returns Tracker
      Earnings Tracker
      Corporate Pension Contribution Tracker
  • Insights
    • Opinion
    • White Papers
    • Industry Voices
    • Letters to the Editor
    • Partner Content
    • Publisher's Update
    • Marcie Frost
      CalPERS: Urgency underscores all areas of providing retirement security
      BPTW cartoon
      P&I’s Best Places to Work marking a milestone
      CalPERS cartoon
      Urgency underscores CalPERS' search for a CIO
      Multiemployer plans cartoon
      Money — but no fixes — for multiemployer plans
    • Bipsync Client Stories: RMS in Action at Pensions and Superannuation Funds
      COVID-19 Makes LP Portfolio Management More Important Than Ever
      China: the outlook is bright for longer-term investors
      Finding Differentiation in Securitized Assets
    • John Bakarat
      Commentary: COVID-19 and real estate debt – where investors should be looking
      Jake Remley
      Commentary: Inflation expectations vs. reality in the bond market
      Greg Shea and Steven Kindred
      Commentary: The solution for yield-seeking allocators may be hiding in plain sight
      Jim Park
      Commentary: Asian Americans, Pacific Islanders face ‘bamboo ceiling’ in money management
    • Marcie Frost
      CalPERS: Urgency underscores all areas of providing retirement security
      Writer using a typewriter
      OCIO industry needs to adopt GIPS
      Writer or journalist workplace. stock illustration
      Even as it assails China, Trump administration emulates it
      Skeptical of Main Street support for proxy adviser proposal
    • P&I Content Solutions
      Research for Institutional Money Management
      P&I Content Solutions
      Top questions for institutional investors
      Sponsored Content By Newton Investment Management
      Growth and Innovation in Emerging Markets
      P&I Content Solutions
      Fixed income 2021
    • Help us help you by supporting quality journalism
      You Must Believe in Spring
      Everything Must Change
      Tomatoes & Investments
  • Multimedia
    • Videos
    • Webinars
    • Polls
    • Slideshows
    • Charts / Infographics
    • Invesco logo shown on the floor of the New York Stock Exchange
      watch video
      1:28
      Invesco’s bid for performance gains
      watch video
      1:23
      The passive fixed-income glut
      watch video
      1:38
      Is it time for DC plans to embrace private equity?
      watch video
      5:39
      The coronavirus pandemic: One year later
    • New Outlook on Income: A Framework for Evaluating DC Retirement Income Solutions
      Investing in infrastructure at the right price
      Time for Action: Shifting Pension Dynamics from a Macro and Regulatory Relief Perspective
      Understanding the PEP Evolution
    • POLL: Cryptocurrency investing
      POLL: The Biden infrastructure plan
      POLL: Retirement income solutions
      POLL: Working after the pandemic
    • view gallery
      9 photos
      Coronavirus and the markets
      view gallery
      22 photos
      The 1,000 largest retirement funds: 2020
      view gallery
      10 photos
      Outlook 2020
      view gallery
      10 photos
      2019 as seen through the eyes of Roger
    • High-yield spreads narrow, default rates drop
      By the Numbers for April 2021
      Graphic: The state of DC plans
  • Events
    • Conferences
    • Webinars
    • DC Investment Lineup Virtual Series
      ESG Investing Virtual Series
      Private Markets Virtual Series
      Retirement Income Conference
    • New Outlook on Income: A Framework for Evaluating DC Retirement Income Solutions
      Investing in infrastructure at the right price
      Time for Action: Shifting Pension Dynamics from a Macro and Regulatory Relief Perspective
      Understanding the PEP Evolution
  • Careers
  • Research Center
MENU
Breadcrumb
  1. Home
  2. ASSET OWNERS
February 09, 2015 12:00 AM

Asset owners demand info on cybersecurity processes

Rick Baert
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Brett Kramer
    Marla J. Kreindler said security is ultimately the fund's responsibility.

    Insufficient cybersecurity is becoming a deal breaker for firms that provide investment services to defined benefit and defined contribution plans.

    An increasing number of requests for proposals now require firms to detail their cybersecurity procedures, the result of heightened concerns of the potential for data breaches and hackers.

    “There are differences in cybersecurity procedures among providers, but now this has become an important part of everyone's due diligence,” said Gregg Sommer, Chicago-based principal and head of operational risk assessment at Mercer Sentinel, the investment operations consulting business of Mercer LLC. He said that what once was considered only best practice among asset owners, with due diligence focusing on only the largest money managers, is now “a market practice, where cybersecurity information is required by all plans from all providers.”

    “It's no longer a question of whether (a provider) has cybersecurity procedures or doesn't,” Mr. Sommer said. “The issue is how extensive they are.”

    Said David Holmgren, chief investment officer of Hartford HealthCare, Hartford, Conn.: “Cybersecurity is becoming a bigger issue (and) is a huge component of all our RFPs.” As a health-care provider, Hartford HealthCare has a heightened sensitivity to data security and confidentiality rules, he noted. “We apply this scrutiny on cybersecurity to all our contracts, including those providers for pension plans,” Mr. Holmgren said. Hartford HealthCare has $3 billion in pension, insurance and endowment assets.

    Due diligence crucial

    Due diligence is crucial before asset owners even get to the RFP stage, said William Atwood, executive director of the $13.1 billion Illinois State Board of Investment, Chicago. “One of the things we rely on in cybersecurity is our early due-diligence process in seeking providers,” Mr. Atwood said. “We want providers with a strong technology base who understand and are sensitive to the need for data security.”

    “We're seeing more and more security issues addressed in RFPs,” said Michael Pillion, Philadelphia-based partner at Morgan, Lewis & Bockus LLP. Mr. Pillion said there also are “more negotiations on adding data security terms. There's more attention to detail (in data security). It's something that's developing and will continue to.”

    The potential for internal breaches also should concern asset owners, said Marla J. Kreindler, partner at Morgan, Lewis in Chicago.

    Among the issues Ms. Kreindler cited: hackers accessing trust accounts and creating fraudulent billing accounts to draw assets; the use of passwords by multiple plan participants; and fraudulent e-mails that try and glean information from plan employees or participants.

    “Ultimately (data security) is still the plan sponsor's responsibility. They can't just contract out responsibility for data breaches to third parties. ... It's not just about the contract. It's who is the plan sponsor choosing as a service provider. What due diligence has the plan sponsor done on the provider on important data questions, like who manages their server? Is it the provider or a third party? And is the server or the provider in another country? Those need to be known by the plan sponsor in the RFP process and then details about this have to be addressed and locked down in the contract,” Ms. Kreindler said.

    Well founded

    Asset owners' concerns over providers' data security appear to be well founded.

    According to a report released last week by the Securities and Exchange Commission, 74% of money managers and other registered investment advisers surveyed said they've been the subject of a cyber-related incident directly or through their external providers.

    Also, while 79% of respondents conduct periodic risk assessments to identify cybersecurity threats and potential business consequences, only 32% apply those assessment requirements to their outside vendors.

    Money managers and other service providers are responding to RFP requests for cybersecurity details, said Freeman Wood, principal at Mercer Sentinel in Chicago. They are, for example, detailing how they're proactively testing internal controls to fight cyberattacks. They're also vigorously scrutinizing their outsourced vendors, which Mercer Sentinel's Mr. Sommer said is a new phenomenon.

    Managers' third-party providers under review include custodians, fund administrators and other middle- and back-office providers and “any organization that has a firm's confidential information — client information, portfolio information into possible trades — and actual access to money through any means, not just the ones you would think of,” Mr. Sommer said.

    He cited the 2013 Target Corp. data breach, which eventually was discovered to have come from a computer of a heating and air-conditioning firm under contract to the retailer. “It's any vendor, providing any service, that has a link to that firm's data.”

    A greater focus — and one often overlooked — is physical security, Mr. Sommer said. “With so much business activity now being done outside the office, it's encrypting laptops and personal devices, but it's also securing against access to a company's server. Outside office access is now integral in our reviews of provider security.”

    Breaches can also be accidental but still risky, said John Barlament, partner, data privacy, at Quarles & Brady LLP, Milwaukee. Last month, a third-party administrator for DB and DC plans accidentally disclosed Social Security numbers, account balances and other information from participants in one company plan to another plan, which automatically downloaded the information into its database. “The vendor had one site where all clients could access via password,” Mr. Barlament said. “That was totally inadvertent, with no malicious intent. It wasn't a case of a disgruntled employee. But regardless, it was a data breach.” He would not name the parties involved.

    William Stone, CEO of financial services software and fund administration service provider SS&C Technologies Inc., Windsor, Conn., said a big concern for providers “is from within. It's more likely that employees can get into systems. That's why you need strict monitoring ... to be able to spot suspicious activity.”

    “You also need layers (of security). First the walls, then the moat, and then the people with the shotguns.”

    Keith Overly, executive director of the $9.7 billion Ohio Public Employees Deferred Compensation Program, Columbus, has internal concerns over data security because record-keeping is done in-house. Among the program's internal security checks is an audit by an accounting firm every two years that looks at the plan's “physical and electronic security. They actually try to breach our system. The good news is that they haven't been able to.” n

    Related Articles
    Firms see costs escalating for cyberthreat protections
    Banks join technology chiefs to press Congress for cybersecurity bill
    SEC outlines cybersecurity guidance for money managers, advisers
    Technology outsourcing without giving away the farm
    More firms buy insurance for cyberattacks
    G-7 countries establish elements to target cybersecurity in global finance indu…
    Plans face threats to crucial data
    Managers might see cybersecurity regulations soon
    Recommended for You
    IMCO returns 5.4% in 2020
    IMCO returns 5.4% in 2020
    State-owned investors found lacking in female representation
    State-owned investors found lacking in female representation
    Asset owners record 9.4% gain in Q4
    Asset owners record 9.4% gain in Q4
    Top questions for institutional investors
    Sponsored Content: Top questions for institutional investors
    sponsored
    Events
     
     
    Sponsored
    White Papers
    Bipsync Client Stories: RMS in Action at Pensions and Superannuation Funds
    COVID-19 Makes LP Portfolio Management More Important Than Ever
    China: the outlook is bright for longer-term investors
    Finding Differentiation in Securitized Assets
    Green and sustainable bonds in emerging markets
    Portfolio Protection: One Size Fits None
    View More
    Sponsored Content
    Partner Content
    The Industrialization of ESG Investment
    For institutional investors, ETFs can make meeting liquidity needs easier
    Gold: the most effective commodity investment
    2021 Investment Outlook | Investing Beyond the Pandemic: A Reset for Portfolios
    Ten ways retirement plan professionals add value to plan sponsors
    Gold: an efficient hedge
    View More
    E-MAIL NEWSLETTERS

    Sign up and get the best of News delivered straight to your email inbox, free of charge. Choose your news – we will deliver.

    Subscribe Today
    April 5, 2021 Page One

    Get access to the news, research and analysis of events affecting the retirement and institutional money management businesses from a worldwide network of reporters and editors.

    Subscribe
    Connect With Us
    • RSS
    • Twitter
    • Facebook
    • LinkedIn

    Our Mission

    To consistently deliver news, research and analysis to the executives who manage the flow of funds in the institutional investment market.

    pilogo-NEW
    About Us

    Main Office
    685 Third Avenue
    Tenth Floor
    New York, NY 10017-4036

    Chicago Office
    150 N. Michigan Ave.
    Chicago, IL 60601

    Contact Us

    Careers at Crain

    About Pensions & Investments

     

    Advertising
    • Media Kit
    • P&I Content Solutions
    • P&I Careers | Post a Job
    • Reprints & Permissions
    Resources
    • Subscribe
    • Newsletters
    • FAQ
    • P&I Research Center
    • Site map
    • Staff Directory
    Legal
    • Privacy Policy
    • Terms and Conditions
    • Privacy Request
    Pensions & Investments
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.
    • NEWS
      • Asset owners and the coronavirus
      • Alternatives
      • Consultants
      • Coronavirus
      • Defined Contribution
      • ESG
      • Frontlines
      • Hedge Funds
      • Investing / Portfolio Strategies
      • Money Management
      • Pension Funds
      • People Moves
      • Private Equity
      • Real Estate
      • Searches & Hires News
      • SECURE Act
      • Special Reports
      • WorldPensionSummit
    • Data
      • Research Center
      • Searches & Hires Database
      • Searches & Hires News
      • RFPs
      • Charts / Infographics
      • Sponsored Research
      • Trackers
    • Insights
      • Opinion
      • White Papers
      • Industry Voices
      • Letters to the Editor
      • Partner Content
      • Publisher's Update
    • Multimedia
      • Videos
      • Webinars
      • Polls
      • Slideshows
      • Charts / Infographics
    • Events
      • Conferences
      • Webinars
    • Careers
    • Research Center