Accelerate and Enhance Your CyberSecurity and Risk Management Program
As Cybersecurity Awareness Month 2022 is in full swing, it’s an ideal time for businesses to review their cybersecurity, business continuity and risk management processes. These types of annual events are an easy point in the calendar where companies can take stock of their efforts and engage in wider conversations across the industry to buttress cybersecurity awareness.
This year’s theme, ‘See Yourself in Cyber’, is rooted in the personal. This is a chance to focus on the human elements of cybersecurity and business continuity, from collaboration to cyber hygiene and personal safety online. Drawing on the expertise of the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), this year’s program will tackle key issues including the skills gap in the cyber sphere, how each individual can be part of the solutions and action points for individuals.
Great Regulatory Expectations
All firms in the alternative investment sector are connected not only to the financial services industry, but also a complex, wide network of partners and customers globally and across different industries. It’s why enhancing private equity and hedge fund cybersecurity programs is crucial. A criminal can successfully disrupt a firm’s business continuity and penetrate defenses by first targeting a portfolio company, partner or third-party vendor. Beyond this, firms can also fall victim to a cyber-attack even if they’re not the intended target but are simply caught in a malware fallout. This interconnectedness – and the potential web of damage – is a major focus for key bodies and regulators.
In February, the SEC proposed changes to how registered investment advisers, registered investment companies and funds handle cybersecurity risk management. The changes are designed to better protect investors and maintain an orderly market, and will be under final action in April 2023. Shortly after in June, we had the findings of the annual Cybersecurity and Financial System Resilience Report published by the Federal Reserve System. The measures detailed include a new cybersecurity training plan that was put into place for Federal Reserve cybersecurity examiners in 2022 and its participation in “one-day, simulated exercises aimed at improving responses to a range of cyber-threat scenarios within the U.S. financial sector.” Across the Atlantic, UK regulators have also proposed legislation to improve the nation’s cyber resilience.
But firms should not wait for regulatory guidance to create and improve their own cybersecurity and risk management programs. After all, criminals won’t wait to attack and disrupt your operations.
Be an Active Participant, Not a Passive Victim
Inactivity is dangerous. Being a key player in the fight against cybercrime does not depend on a firm’s size, number of clients or geography. In fact, all firms in the financial services industry can defend against – and defeat – cybercriminals with a simple formula of commitment, collaboration and trust.
To be a part of the solution, companies must first have a clear commitment to cybersecurity, business continuity and operational resilience. Second, they should demand the same from each vendor, partner and organization in their network (regardless of its size or industry) to reduce vulnerabilities. And third, companies need to have confidence that customers, partners and vendors will share relevant risk information as required.
If alternative investment firms only work with companies that share the same level of commitment to cybersecurity and risk management, they can have greater confidence in their ability to operate safely. And by communicating their cybersecurity expectations and setting standards, they will position themselves as a reliable partner.
Call it safety in numbers. This shared obligation to cybersecurity creates a virtual battalion of companies standing shoulder to shoulder to defend against skilled and sophisticated cybercriminals. And that’s how companies move beyond simply deploying solutions to fight cybercrime – to becoming part of the solution themselves.
Simon Eyre is Chief Information Security Officer at Drawbridge. As a trusted private equity and hedge fund cyber security partner and industry leader in financial services cybersecurity, Drawbridge helps firms build holistic, robust cyber security and risk management programs that combat vulnerabilities before they cause business disruptions.
Find out how Drawbridge can build and strengthen your company’s defenses and improve your business continuity and operational resilience.
