For institutional investors traditionally concerned about liquidity, management and strong returns, 2019 will be the year a new primary threat comes to light — financial fraud. Cybersecurity attack vectors, including phishing, wire transfer fraud and vendor payment fraud are more common than ever before. As employees and vendors succumb to manipulation from sophisticated bad actors, they unwittingly share access to private capital and sensitive data at the expense of client trust and corporate reputation.
Fueling the threat of cyberattacks is the common misconception among institutional investors that technology is the lone — or primary — solution to digital threats. A robust technology suite is critically important, but in reality, it's employees and vendors who are the greatest risk factors. Indeed, firms must employ great governance, not just great technology.
To develop effective governance policies and prevent harmful cyberattacks, asset managers and other investment firms must adopt the following best practices:
- Develop, regularly update and test a comprehensive incident response plan.
- Implement mandatory risk reviews and stakeholder meetings to discuss relevant updates and recent threat intelligence.
- Perform regular systems testing to provide assurances that established controls and protocols are working as designed.
- Engage with vendors to ensure their own security standards comply with critical cybersecurity protocols.
- Review all relevant local, state and federal cybersecurity and data security legislation, developing relationships with regulatory bodies along the way.
Together, these strategies form a thoughtful and effective governance protocol that better protects firms from the growing onslaught of cyberattacks anticipated in the year ahead.