Money managers see costs escalating for cyberthreat protections
Skip to main content
pilogo-NEW
Subscribe
  • Subscribe
  • My Account
  • login
  • NEWS
    • Asset owners and the coronavirus
    • Alternatives
    • Consultants
    • Coronavirus
    • Defined Contribution
    • ESG
    • Frontlines
    • Hedge Funds
    • Investing / Portfolio Strategies
    • Money Management
    • Pension Funds
    • People Moves
    • Private Equity
    • Real Estate
    • Searches & Hires News
    • SECURE Act
    • Special Reports
    • WorldPensionSummit
    • Ron Schmitz
      Pandemic drives faster transition for Virginia to private markets
      Mubadala Investment Co. logo
      Mubadala draws on portfolio in coronavirus fight
      T.J. Carlson
      Texas Muni reduces downside risk during pandemic, finding opportunities now
      Scott Davis
      ‘Triage plan’ at Indiana system helped stem losses
    • Varagon Capital fills new business development role
      Fitch Group in deal to acquire CreditSights
      Credit managers’ outlook still gloomy but brightening – survey
      Digital Colony picks head of Europe capital formation
    • Will Martindale
      Cardano Group chooses group head of sustainability
      Meketa hires first chief marketing officer
      Nick Horsfall
      Redington names managing directors for investment consulting team
      Marsh & McLennan Agency sets sights on Compass Financial
    • New York State Common challenges Tyson’s dual-share stock structure
      Credit managers’ outlook still gloomy but brightening – survey
      Investors call for action on COVID-19-induced humanitarian crisis at sea
      U.S. jobs worker restaurant
      Job market slipped in December as virus surge hindered activity
    • Ascensus, Empower acquire Truist record-keeping business
      PCS Retirement acquires Alliance Benefit Group-Rocky Mountain
      Shawn O'Brien
      Annuities coming to target-date funds, but not right away
      David Ireland
      Sponsors returning to questions about in-plan annuities
    • New law requires MassPRIM to increase diversity of managers, consultants
      Impact investors getting savvier, more efficient – report
      SSGA alum named head of ESG at Mirova
      Aegon moves to cut carbon from workplace DC business
    • Galina Churkina
      Building research earns honor from Aquila Capital
      Blackstone holiday video
      Blackstone would like to show you how things are done around the office
      MacArthur Foundation invests in women’s safe housing fund
      Robot illustration
      Thomas H. Lee Partners sees robots driving future returns
    • The Sun Hung Kai Properties Ltd. logo is displayed on the Sun Hung Kai Centre building in Hong Kong on Sept. 13, 2018
      SHK spins out East Point Asset Management
      Man holding a business card with Hedge Fund written on it
      Hedge funds chalk up decade’s best returns in 2020 – HFR
      New hedge fund launches surpass liquidations in third quarter
      Michael Hintz
      CQS deal with spinoff team falls apart
    • New York State Common challenges Tyson’s dual-share stock structure
      A sign on the exterior of a Northern Trust Corp. branch in Chicago on July 13, 2017
      Northern Trust to cut 500 jobs
      Wells Fargo targets $8 billion in cuts
      Maine Public Employees boosts target to alternative credit
    • A sign on the exterior of a Northern Trust Corp. branch in Chicago on July 13, 2017
      Northern Trust to cut 500 jobs
      Wells Fargo targets $8 billion in cuts
      A sign at a China Telecom Corp. store in Shanghai on Jan. 6, 2021
      Managers make further divestments from sanctioned Chinese firms
      The Chinese flag flies in front of the Liaison Office of the Central People's Government in Hong Kong on May 22, 2020
      Standard Life Aberdeen JV to open mainland China pension insurance company
    • Maine Public Employees boosts target to alternative credit
      Los Angeles City Deferred Comp narrows list to 2 in manager search
      Connecticut pension fund CIO resigns
      Arizona State Retirement looking for CIO
    • Sharmila Chatterjee Kassam
      AIF Institute hires former Texas ERS deputy CIO as executive director
      Varagon Capital fills new business development role
      SSGA alum named head of ESG at Mirova
      Capital Group hires BlackRock executive to launch ETF unit
    • Pension funds continue private equity investing spree
      Big jump in private equity AUM expected over next 5 years
      Thoma Bravo takes in $22.8 billion for 3 funds
      Jason Thomas
      Data, technology become new prized possessions
    • Ivanhoe Cambridge Inc. signage is displayed outside the company's office near Bay Street in Toronto on Aug. 29, 2011
      Ivanhoe Cambridge, PAG announce joint venture for Japan logistics investments
      Residential buildings in Hong Kong on Feb. 20, 2020
      KKR closes first Asia-Pacific real estate fund at $1.7 billion
      CPPIB in deal with Greystar to develop U.S. housing
      Global real estate investments to hit $79 billion in 2021 – survey
    • Retirement cartoon
      Hopes rising for retirement readiness in 2021
      Neal and Brady
      Retirement security could be only issue both sides accept
      David Ireland
      Sponsors returning to questions about in-plan annuities
      Shawn O'Brien
      Annuities coming to target-date funds, but not right away
    • Outlook 2021
      The top 10 stories of 2020
      The best places to work in money management
      Investment consultants
    • U.S. still a key market for investors
      Collected coverage of P&I's 2020 WorldPensionSummit
      Pedestrians pass a large advertisement on the Arndale Center shopping mall reading 'Act now to avoid a local lockdown' in Manchester, England
      COVID-19 puts new opportunities and risks on the agenda - WPS panelists
      Screens display stock price information over the trading floor of the NYSE Euronext exchange in Paris
      Private assets will continue to grow in portfolios – WPS panelists
  • Data
    • Research Center
    • Searches & Hires Database
    • Searches & Hires News
    • RFPs
    • Charts / Infographics
    • Sponsored Research
    • Trackers
    • Q2 2020 searches and hires overview report
      Q2 2020 money manager M&A activity summary
      Q2 2020 legal overview report
      Q1 2020 searches and hires overview report
    • San Jose Federated commits $11 million to real estate fund
      Essex Pension Fund on the lookout for private debt manager
      Lexington Contributory wants large-cap equity manager
      Fort Lauderdale fund scouting for large-cap manager
    • San Jose Federated commits $11 million to real estate fund
      Essex Pension Fund on the lookout for private debt manager
      Lexington Contributory wants large-cap equity manager
      Fort Lauderdale fund scouting for large-cap manager
    • International Small Cap Manager Services
      Financial Expertise
      Passive Index Manager Services
      Emerging Markets Equity Investment Management Services
    • U.S. fixed-income returns post another positive year
      Nasdaq delivers an impressive year
      U.S. dollar's recent decline continues
      Hedge funds warming up to financial sector, remain long U.S. equities
    • Institutional Investors: Shared Expectations, Divergent Paths
      Global Investor Study 2016
      Workplace Financial Wellness
    • U.S. Endowment Returns Tracker
      Pension Fund Returns Tracker
      Earnings Tracker
      Corporate Pension Contribution Tracker
  • Insights
    • Opinion
    • White Papers
    • Industry Voices
    • Letters to the Editor
    • Partner Content
    • Publisher's Update
    • Retirement cartoon
      Hopes rising for retirement readiness in 2021
      view gallery
      25 photos
      Cartoons depict a year like no other
      view gallery
      25 photos
      2020 in editorial Cartoons
      Consultants cartoon
      Seeking an investment consultant? Caveat emptor
    • Climate change and emerging markets after Covid-19
      An Asset Owner's Guide to Multi-Manager Portfolio Management
      Research for Institutional Money Management
      The Future of the U.S. Dollar - Dominant currency or one of many?
    • Michael McNally
      Commentary: New ‘investment-plus’ test poses risks to private equity investors
      Adam Waterous
      Commentary: Institutions urged to act now on opportunities created by current global oil disruption
      Ron Lagnado
      Commentary: Straw man critiques don’t hold up in face of real world success
      Robert Raben
      Commentary: What the asset management industry must do to bolster diversity
    • Writer using a typewriter
      OCIO industry needs to adopt GIPS
      Writer or journalist workplace. stock illustration
      Even as it assails China, Trump administration emulates it
      Skeptical of Main Street support for proxy adviser proposal
      Focus on manager diversity pushes asset owners’ to walk the talk
    • Sponsored Content By iShares
      ETFs are becoming a cornerstone of insurance equity portfolios
      Sponsored Content By Aberdeen Standard Investments
      Taking a passive approach to the hedge-fund universe
      Sponsored Content By World Gold Council
      Gold: the most effective commodity investment
      Sponsored Content By iShares
      For institutional investors, ETFs can make meeting liquidity needs easier
    • Help us help you by supporting quality journalism
      You Must Believe in Spring
      Everything Must Change
      Tomatoes & Investments
  • Multimedia
    • Videos
    • Webinars
    • Polls
    • Slideshows
    • Charts / Infographics
    • watch video
      1:24
      U.S. stocks were 2020’s comeback kid
      watch video
      1:23
      Outlook 2021
      watch video
      1:52
      Buy gold's pullback?
      Coronavirus and the S&P 500: 2020
    • Getting Back to Normal: How to Creatively Manage Fixed Income Portfolios in a Rising Rate Environment
      What might a Biden DOL and SEC mean for retirement plans?
      Staying on target with target-date funds
      The Institutionalization of Retail Part Two: A Webinar Series from P&I Content Solutions and Chestnut Advisory Group
    • POLL: Retirement issues in 2021
      POLL: Money managers' priority in Asia-Pacific region
      POLL: Retirement issues in the presidential election
      POLL: The S&P 500 in the third quarter
    • view gallery
      9 photos
      Coronavirus and the markets
      view gallery
      22 photos
      The 1,000 largest retirement funds: 2020
      view gallery
      10 photos
      Outlook 2020
      view gallery
      10 photos
      2019 as seen through the eyes of Roger
    • Graphic: U.S. stocks were 2020's comeback kid
      U.S. fixed-income returns post another positive year
      By the Numbers
  • Events
    • Conferences
    • Webinars
    • Defined Contribution Spring Virtual Series
      DC Investment Lineup Virtual Series
      ESG Investing Virtual Series
      Private Markets Virtual Series
    • Getting Back to Normal: How to Creatively Manage Fixed Income Portfolios in a Rising Rate Environment
      What might a Biden DOL and SEC mean for retirement plans?
      Staying on target with target-date funds
      The Institutionalization of Retail Part Two: A Webinar Series from P&I Content Solutions and Chestnut Advisory Group
  • Careers
  • Research Center
MENU
Breadcrumb
  1. Home
  2. MONEY MANAGEMENT
February 23, 2015 12:00 AM

Money managers see costs escalating for cyberthreat protections

Constant changes make budgets hard to determine

Rick Baert
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Rohanna Mertens
    Alan Kosan said recent breaches at two companies illustrate how overall protection needs to be increased, with costs being passed on to customers.

    Cybersecurity is a growing cost for institutional money management firms.

    Protecting client assets, proprietary information, investment strategies, trading activities and systems has led to increased spending: The Ponemon Institute, an independent data protection research firm in Traverse City, Mich., said the average cyberprotection cost for financial services firms was $20.8 million in 2014 and is expected to be an annualized $17.6 million over the next five years.

    Only energy companies, utilities and defense firms are expected to pay higher annual cyber costs.

    Among global money managers surveyed by Cerulli Associates, Boston, 36% are spending $15 million each annually on cybersecurity. Another 36% are spending between $30 million and $38 million a year. Also, all respondents said they expect money manager cybersecurity spending to rise over the next few years.

    Money management officials contacted for this story said their spending on cybersecurity generally ranges from 5% to 6% of their total information-technology budget.

    A security executive at a large institutional money manager, who spoke on condition of anonymity, said the amount his company spent on cybersecurity in 2014 — about $10 million — was 20% higher than in 2013 because of investment in new security controls. He said the firm's cybersecurity costs are expected to go up in the next few years following the implementation of new projects now being considered, but determining exactly how much will need to be budgeted is difficult.

    “The challenge we have is that there are so many changes made in cybersecurity products, and you can build a two year-strategy based on their costs, but that projection isn't worth a damn if hackers get into your system,” he said. “Then the costs are anyone's guess.”

    Varying costs

    The costs vary because of the kinds of things that need to be protected at an institutional manager, said a security executive at another large firm, who also spoke on condition of anonymity. “There are a number of things to go after depending on the intent,” he said. “A manager like us, with the large volume of data we have, that would make us a target. But some of these (cyberattackers) are very smart. If they hacked into a (corporate) treasury account, let's say, they could steal a large amount of money from that. They could set up a false vendor billing and get themselves paid for quite some time. As a money manager, we also have a large amount of information on potential mergers and acquisitions. That could be very valuable.”

    Recent breaches at health insurer Anthem Inc. and retailer Home Depot U.S.A. Inc. “showed there was a disturbing lack of encryption instituted at those firms,” said Alan Kosan, senior vice president and head of alpha investment research at consultant Segal Rogerscasey, Darien, Conn. “It means an overall increase in cyberprotection capabilities” is needed. “This costs money to do. Those costs will be passed on to customers via higher fees.”

    Mr. Kosan said it's too early to estimate how much fees would increase.

    Institutional money managers might not face the same specific threats as retail managers and banks, which have more Internet-based personal client information that hackers can target.

    Still, “the stakes are greater” for institutional managers, said Eric Hess, managing partner at New York-based Hess Legal Counsel LLC, which advises broker-dealers and money management firms. “It's intriguing in that as you move up the scale of investor sophistication, the vectors of attacks are reduced, but the consequences of success of attacks are worse. In retail, the clients are more exposed. In institutional, the managers themselves are more exposed.”

    “The real threat would be in front-running trading,” said one of the cybersecurity executives. “That's where the value (of hacking a money manager) would be. You hear about the noisy stuff, like hacking at banks, but if a hacker were to be able to find out, let's say, that an asset manager is about to unload a million shares of IBM, that information could be huge to them, and it would be hacking that wouldn't be as obvious. If the market plunges 400 points because of front-running, it'd be hard to see the cause of the decline for a while.”

    A cyberattack on an institutional manager would create questions of liability for the losses. Unlike the theft of personal data, which is covered by privacy laws in 47 states, no similar laws exist for data-breach liability, Mr. Hess said.

    That's why negotiations between money managers and asset owners over contracts are specifying manager responsibility in cybertheft-related losses. “If an organization has access to personal identifiable information, their responsibility increases substantially vs. institutions that don't have this underlying information,” Mr. Hess said. “That's not covered under the state laws. But even without that underlying information, (vendors) will be subject to the expectations of their clients. They don't have the same kind of regulatory overhang, but clients do have rising expectations.”

    Cybercriminals can access individuals' data from retail firms and retirement plan service providers with web-based access for participants. But institutional investment management firms' data and information are less accessible because most are kept on closed systems. Mr. Hess said that makes entry into institutional managers' systems more likely to come via phishing and “spoofing” — mimicking the actions of a money manager executive and then lulling others at the firm into believing they're being asked by the executive to access the company computer system or an actual account.

    “The attacker must have a lot of information to break into a money manager,” Mr. Hess said. “The hacker must know the company. The danger is social engineering; at the organization, knowing who deals with whom and what.”

    And once in — usually through viruses or code downloaded through e-mails inadvertently opened by employees at money managers — cybercriminals can have full access with no tip-off that a hack occurred.

    Internal vigilance

    The need for internal vigilance was highlighted by a Feb. 3 report from the Securities and Exchange Commission that showed 43% of money managers and other registered investment advisers reported receiving fraudulent e-mails seeking to transfer client funds.

    Hackers also try to exploit other means of entry, putting money managers on alert:



    • the direct placement of malware into a manager's computer system to disrupt operations;

    • the creation of false billing accounts to draw assets;

    • ransomware, which can be used to infiltrate operating systems and later be used to extort money from a manager; and

    • the placement of hacking code into company computer systems by employees accessing news websites, blogs, industry group websites where hackers have inserted the code in “anything that accepts comments,” said one of the money manager security executives.

    Related Articles
    Joint effort with FBI targets cyberthreats
    SEC: Vast majority of managers, broker-dealers reported cyber-related incidents
    Asset owners demand info on cybersecurity processes
    Banks join technology chiefs to press Congress for cybersecurity bill
    SEC outlines cybersecurity guidance for money managers, advisers
    Deloitte: Most DC plans are confident in providers' cybersecurity policies
    State Street reports contractor took data from alternatives administration unit
    More firms buy insurance for cyberattacks
    G-7 countries establish elements to target cybersecurity in global finance indu…
    Plans face threats to crucial data
    Recommended for You
    Northern Trust to cut 500 jobs
    Northern Trust to cut 500 jobs
    Wells Fargo targets $8 billion in cuts
    Wells Fargo targets $8 billion in cuts
    Managers make further divestments from sanctioned Chinese firms
    Managers make further divestments from sanctioned Chinese firms
    Research for Institutional Money Management
    Sponsored Content: Research for Institutional Money Management
    sponsored
    Events
     
     
    Sponsored
    White Papers
    Climate change and emerging markets after Covid-19
    An Asset Owner's Guide to Multi-Manager Portfolio Management
    Research for Institutional Money Management
    Bond ETFs show maturity during Covid market mayhem
    Global gold-backed ETFs: A popular gateway to the gold market
    The Future of the U.S. Dollar - Dominant currency or one of many?
    View More
    Sponsored Content
    Partner Content
    The Industrialization of ESG Investment
    For institutional investors, ETFs can make meeting liquidity needs easier
    Gold: the most effective commodity investment
    2021 Investment Outlook | Investing Beyond the Pandemic: A Reset for Portfolios
    Ten ways retirement plan professionals add value to plan sponsors
    Gold: an efficient hedge
    View More
    E-MAIL NEWSLETTERS

    Sign up and get the best of News delivered straight to your email inbox, free of charge. Choose your news – we will deliver.

    Subscribe Today

    Get access to the news, research and analysis of events affecting the retirement and institutional money management businesses from a worldwide network of reporters and editors.

    Subscribe
    Connect With Us
    • RSS
    • Twitter
    • Facebook
    • LinkedIn

    Our Mission

    To consistently deliver news, research and analysis to the executives who manage the flow of funds in the institutional investment market.

    pilogo-NEW
    About Us

    Main Office
    685 Third Avenue
    Tenth Floor
    New York, NY 10017-4036

    Chicago Office
    150 N. Michigan Ave.
    Chicago, IL 60601

    Contact Us

    Careers at Crain

    About Pensions & Investments

     

    Advertising
    • Media Kit
    • P&I Content Solutions
    • P&I Careers | Post a Job
    • Reprints & Permissions
    Resources
    • Subscribe
    • Newsletters
    • FAQ
    • P&I Research Center
    • Site map
    • Staff Directory
    Legal
    • Privacy Policy
    • Terms and Conditions
    • Privacy Request
    Pensions & Investments
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.
    • NEWS
      • Asset owners and the coronavirus
      • Alternatives
      • Consultants
      • Coronavirus
      • Defined Contribution
      • ESG
      • Frontlines
      • Hedge Funds
      • Investing / Portfolio Strategies
      • Money Management
      • Pension Funds
      • People Moves
      • Private Equity
      • Real Estate
      • Searches & Hires News
      • SECURE Act
      • Special Reports
      • WorldPensionSummit
    • Data
      • Research Center
      • Searches & Hires Database
      • Searches & Hires News
      • RFPs
      • Charts / Infographics
      • Sponsored Research
      • Trackers
    • Insights
      • Opinion
      • White Papers
      • Industry Voices
      • Letters to the Editor
      • Partner Content
      • Publisher's Update
    • Multimedia
      • Videos
      • Webinars
      • Polls
      • Slideshows
      • Charts / Infographics
    • Events
      • Conferences
      • Webinars
    • Careers
    • Research Center