Hedge Funders Weigh Cybersecurity Protection and Cost
With cybersecurity threats increasing each day, hedge funds need to consider increased protection to prevent loss of sensitive information.
23 June 2015
The introduction of cloud technology has transformed the way we operate.
For hedge funds, that means greater operational efficiencies, data management capabilities and lower costs of doing business. But with the manner and scope of cybersecurity threats increasing each day, funds need to consider increased protection to prevent loss of sensitive information.
According to a recent Hedgeweek.com article, hedge fund CTOs are walking a tight line between bolstering security systems on the one hand, and justifying cost on the other. A security program that works for one hedge fund manager might exceed justified IT expenditure for another, depending on the fund’s size and AUM.
“The arrival of cloud services simply [makes] access to data more easily available. The headaches around securing, controlling, encrypting and auditing this data end-to-end should not be underestimated,” Andrew Flatt, CTO at Omni Partners LLP, said in the Hedgeweek.com article.
Developing a Best Fit Security Program
Without a set standard to follow across the industry, it is becoming increasingly difficult for CTOs to keep on top of everything.
“The problem with cybersecurity is that multiple parties are throwing their ten pennith in, from investors and government bodies to regulatory bodies, most notably the SEC and FCA,” Hedgeweek.com reports.
CTOs need to address five key points when developing a security program for a particular hedge fund. They include:
- Understanding the expectations of their investors and regulators
- Determining what fits the purpose of the fund, and justifying the cost internally
- Sorting through the plethora of technology solutions on the market
- Making sure security measures do not impede user productivity
- Performing due diligence on third party service providers
Security, a Key Criterion for Today’s Investors
In operational due diligence (ODD) questionnaires, investors are asking more in-depth questions about how hedge fund managers address potential cybersecurity threats.
Hedgeweek.com reports: “If an investor turned up and found that a manager had one firewall that had been purchased from a high street vendor, it would create a fair degree of apprehension and could even lead them to divesting their assets.”
When evaluating a third party solution, particularly when considering SaaS document management, Intralinks recommends providers that are ISO 27001:2013 certified, a specification that provides legal, physical and technical controls for information risk management and protection.
Kylie Horner is an Associate in Strategy and Product Marketing at Intralinks. She is part of the team responsible for determining go-to-market strategies for the debt capital markets and alternative investment businesses. Prior to joining Intralinks, Kylie worked in marketing and communications at ACTIV Financial, a financial information technology firm. She graduated from the University of Colorado at Boulder with a degree in Journalism, and a specialization in global media.