24 November 2022

Information Security Risks that Should Keep Hedge Fund Managers Up At Night

Information security is a growing concern that impacts almost every aspect of our daily lives – from the soccer mom whose email gets hacked to the multi-billion dollar corporation whose business is ground to a halt due to a massive data theft. Darkness lurks everywhere as our society, commerce, and culture become more and more electronic.

This reality is particularly scary to hedge funds, which are less likely to be equipped to deal with these types of threats than larger institutions such as banks, which have dedicated security resources in place. Given the sheer size of many hedge funds and their potential to ‘move markets,’ all industry stakeholders – fund managers, investors, and regulators – are concerned. Regulators and investors specifically have taken several steps over the past couple of years, including industry guidance and heightened due diligence requirements, to hold asset managers accountable for proper information security measures.

So, what should hedge fund managers start thinking about when it comes to their information security? As a good first exercise, I recommend that hedge funds develop an understanding of what the actual risks are – in other words, what bad things can happen if something does go ‘bump in the night.’ It is important to remember that security risks should not be confused with threats, which are the scenarios or actors that influence the bad outcome (e.g. hacker attack, insider theft, etc.).

With this in mind, here are the top six information security risks that would keep me up at night if I were a hedge fund manager:

1. Theft or unauthorized sharing of intellectual property. Hedge funds live and die by their ‘secret sauce’ and their ongoing ability to generate alpha. Theft of intellectual property can have serious implications and should be a primary concern for portfolio managers.

2. Theft or unauthorized sharing of client information. Fund managers have a duty and obligation to ensure that their client information (e.g. account numbers, personally identifiable information, etc.) is safeguarded both in house and at external service providers. A breach of sensitive client data can lead to irreparable damage (e.g. redemptions, lawsuits, etc.).

3. Theft of fund and/or client assets. Wire fraud is a huge risk in the hedge fund space, where billions of dollars in cash and securities are moved each minute. It is critical for organizations to understand their internal and external cash movements, as there are countless ways for bad actors to exploit them.

4. Front running and position copying. With billions of dollars in trades happening each day, there is ample opportunity for a hedge fund to get “front run.” While this may not be a large concern to some funds, the economic effects can be quite damaging to a market player of size. In addition, competitors can use position copying techniques to potentially back into strategies, which increases the likelihood of #1.

5. Availability and integrity of information systems. Technology security – applications, networks, hardware, etc. – is the layer that sits on top of it all. This is due both to the sensitivity of the information that it houses and to the ongoing business that it supports.

6. Loss of key personnel. This is an intellectual property business, and as such it is of utmost importance to protect key individuals within any hedge fund, which goes well beyond information security. Fund managers should actively consider information protection, physical security, and executive protection of mission-critical staff and their families.

