Insights

24 November 2022

Information Security Risks that Should Keep Hedge Fund Managers Up At Night

Information security is a growing concern that impacts almost every aspect of our daily lives – from the soccer mom whose email gets hacked to the multi-billion dollar corporation whose business is ground to a halt due to a massive data theft. Darkness lurks everywhere as our society, commerce, and culture become more and more electronic.

This reality is particularly scary to hedge funds, who are less likely to be equipped to deal with these types of threats than larger institutions such as banks who have dedicated security resources in place. Given the sheer size of many hedge funds and their potential to ‘move markets,’ all industry stakeholders – fund managers, investors, and regulators – are concerned. Regulators and investors specifically have taken several steps over the past couple of years to hold asset managers accountable for proper information security measures which include industry guidance and heightened due diligence requirements.

So, what should hedge fund managers start thinking about when it comes to their information security? As a good first exercise, I recommend that hedge funds develop an understanding of what the actual risks are – in other words what is the bad that can happen if something does go ‘bump in the night.’ It is important to remember that security risks should not be confused with threats – which are scenarios/actors that influence the bad outcome (e.g. hacker attack, insider theft, etc).

With this in mind, here are the top six information security risks that would keep me up at night if I were a hedge fund manager:

Theft or unauthorized sharing of intellectual property. Hedge funds live and die by their ‘secret sauce’ and their ongoing ability to generate alpha. Theft of intellectual property can have serious implications and should be a primary concern for portfolio managers.

Theft or unauthorized sharing of client information. Fund managers have a duty and obligation to ensure that their client information (e.g. account numbers, personally identifiable information, etc) are safeguarded both in house and at an external service providers. A breach of sensitive client data can lead to irreparable damage (e.g. redemptions, lawsuits, etc).

Theft of fund and/or client assets. Wire fraud is a huge risk in the hedge fund space, where billions of dollars in cash and securities are moved each minute. It is critical for organizations to understand their internal and external cash movements as there are countless ways for bad actors to exploit them.

Front running and position copying. Within billions of dollars in trades happening each day, there is ample opportunity for a hedge fund to get “front run.” While this may not be a large concern to some funds, the economic effects can be quite damaging to a market player of size. In addition, competitors can use position copying techniques to potentially back into strategies which increases the likelihood of #1.

Availability and integrity of information systems. Technology security – applications, networks, hardware, etc – is the layer that sits on top of it all. This is both due to the sensitivity of information in which it houses but the ongoing business that it supports.

Loss of key personnel. This is an intellectual property business, and as such it is of utmost importance to protect key individuals within any hedge fund which goes well beyond information security. Fund managers should actively consider information protection, physical security, and executive protection of mission critical staff and their families.

Information security is a growing concern that impacts almost every aspect of our daily lives – from the soccer mom whose email gets hacked to the multi-billion dollar corporation whose business is ground to a halt due to a massive data theft. Darkness lurks everywhere as our society, commerce, and culture become more and more electronic.

This reality is particularly scary to hedge funds, who are less likely to be equipped to deal with these types of threats than larger institutions such as banks who have dedicated security resources in place. Given the sheer size of many hedge funds and their potential to ‘move markets,’ all industry stakeholders – fund managers, investors, and regulators – are concerned. Regulators and investors specifically have taken several steps over the past couple of years to hold asset managers accountable for proper information security measures which include industry guidance and heightened due diligence requirements.

So, what should hedge fund managers start thinking about when it comes to their information security? As a good first exercise, I recommend that hedge funds develop an understanding of what the actual risks are – in other words what is the bad that can happen if something does go ‘bump in the night.’ It is important to remember that security risks should not be confused with threats – which are scenarios/actors that influence the bad outcome (e.g. hacker attack, insider theft, etc).

With this in mind, here are the top six information security risks that would keep me up at night if I were a hedge fund manager:

Theft or unauthorized sharing of intellectual property. Hedge funds live and die by their ‘secret sauce’ and their ongoing ability to generate alpha. Theft of intellectual property can have serious implications and should be a primary concern for portfolio managers.

Theft or unauthorized sharing of client information. Fund managers have a duty and obligation to ensure that their client information (e.g. account numbers, personally identifiable information, etc) are safeguarded both in house and at an external service providers. A breach of sensitive client data can lead to irreparable damage (e.g. redemptions, lawsuits, etc).

Theft of fund and/or client assets. Wire fraud is a huge risk in the hedge fund space, where billions of dollars in cash and securities are moved each minute. It is critical for organizations to understand their internal and external cash movements as there are countless ways for bad actors to exploit them.

Front running and position copying. Within billions of dollars in trades happening each day, there is ample opportunity for a hedge fund to get “front run.” While this may not be a large concern to some funds, the economic effects can be quite damaging to a market player of size. In addition, competitors can use position copying techniques to potentially back into strategies which increases the likelihood of #1.

Availability and integrity of information systems. Technology security – applications, networks, hardware, etc – is the layer that sits on top of it all. This is both due to the sensitivity of information in which it houses but the ongoing business that it supports.

Loss of key personnel. This is an intellectual property business, and as such it is of utmost importance to protect key individuals within any hedge fund which goes well beyond information security. Fund managers should actively consider information protection, physical security, and executive protection of mission critical staff and their families.

2
0

Leave a Reply

Your email address will not be published. Required fields are marked *

Search
Recent posts
LATEST INSIGHTS
1 June 2023
The FDA is being outrun by AI. Here's how it can keep up
As the FDA in the U.S. admits the agency cannot keep pace with new technologies in health care, questions are being asked about what it can do to keep pace.
24 May 2023
How should banks and auditors get along?
There are concerns that internal audit has become an extension of the regulator, which isn’t healthy for internal audit’s mission. Stephanie Baxter explores the challenges and what improvements are needed.
15 May 2023
Remote control: Why the push for onsite work isn't moving GRC workers
As some financial services firms force employees to return to the office full-time, many in GRC are resisting. Can an industry determined to get people back on site unring the remote bell?
4 May 2023
Jan Triani joins MBK Search as Managing Director of Med Tech
MBK Search is excited to announce that Jan Triani has joined the company as its new Managing Director of Med Tech.
css.php