Investors and Allocators that are committed to independent operational due diligence and financial audits are insisting on the importance of applying independence to cybersecurity.
What you should know – Investors and Allocators view cybersecurity as following in the footsteps of business financials, and they expect independence in the assessment of your cybersecurity. They have identified that cyber risk has a likelihood of occurrence rivalling other financially impacting risks, and our experience shows Funds are coming to us because of this need.
Why you care – Drawbridge Analytics shows that the ownership of controls for an Alternative Investment Firm is as much as a 50/50 split between an IT provider or a managed service provider (MSP) and the firm. Putting the responsibility of cybersecurity only on the shoulders of the MSP or IT team brings significant disadvantages.
MSP firms will simply “not know what they don’t know” in these situations, potentially missing 50% of a firm’s cybersecurity controls in their reviews. What’s more, you cannot protect against the difficulty internal teams face in remaining impartial and avoiding self-preservation.
The bigger picture – Cybersecurity is not an IT problem; it is a business problem. Attacks continue to rise and damages are more severe. It’s not just lost data, it’s the threat of public disclosure, reputational damage in front of Investors and Allocators, outages of critical trading opportunities, and more.
Strong and independent governance and vulnerability management can meaningfully protect investors from harm. This includes risk assessments of both the fund and its service providers, effective policies, training and phishing tests, incident response simulation, and technical vulnerability checks in the form of daily scans and penetration tests.
Get smart – Make sure you understand what allocators/LPs are asking for. Find out how your fund is assessing cybersecurity and make sure it measures up to investor expectations. Here is an infrequent opportunity to demonstrate to the Board and stakeholders that bringing in an independent assessor of cybersecurity can create a marketable event to new investors, enhance relationships with existing investors, and prepare the business for regulatory enhancements.
To learn more about how Drawbridge ensures independent, objective Cyber Risk Assessment findings, contact one of Drawbridge’s representatives.