Insights

Cybersecurity lessons learned from the biggest IT outages  What happened – On July 19, 2024, CrowdStrike pushed out flawed software that affected the Microsoft Windows’ kernel, the core that connects all the other parts of the Windows operating system. The flaw caused a logic error in the operating system, triggering the infamous Blue Screen of…

What you should know — Emerging alternative investment managers need to complete a Cyber Risk Assessment (CRA) to create a comprehensive cyber policy.   A CRA offers valuable, actionable information about your firm’s current cyber posture and evaluates your existing cybersecurity program end-to-end. Through completion of a CRA, you can:  Produce cyber program policies for…

Mitigating cyber risks at third-party vendors is paramount for meeting cyber-related compliance regulations.  Dozens of regulations have specific standards. For this blog, we cover key regulatory requirements from the SEC pertaining to third-party risk.  2024 SEC Exam Priorities and Proposed New Rules  The SEC’s Department of Examination has made it clear that oversight of third-party…

Keeping up with evolving cybersecurity regulations requires thorough and consistent assessments.   A Cyber Risk Assessment gives Emerging Fund Managers greater insight into cybersecurity deficiencies and which cyber controls to implement in order to meet compliance requirements. Check out the four ways a Cyber Risk Assessment (CRA) helps simplify compliance:   Completing a CRA helps…

Completed Cyber Risk Assessments (CRAs) immediately provide value by benchmarking your investment’s cyber preparedness against your entire portfolio. Utilizing a CRA to its full potential requires you to learn from the insights and data gathered to improve your cyber program.  Here are the essential do’s and don’ts after you complete a CRA:    Do’s:   Prioritize high-risk…

Many of us bring work with us, even during summer travel with friends or family.   Using personal or business devices to access work while on the go, particularly when traveling overseas, comes with unique data security challenges.  Here are some essential tips to ensure your corporate and personal data remains secure during your travels:  1.…

Cyber Insurance Market Trends After significant increases in premiums in 2021 and 2022, the cyber insurance market has now stabilized despite a steady acceleration in the frequency and sophistication of attacks. This has led to competitive renewal expense for companies that can demonstrate improved cyber maturity and a simultaneous increase in costs amongst firms with…

Penetration Tests are a frequently requested service at Drawbridge. Many Alternative Investment Managers wait until year-end to schedule these critical assessments, only to find providers overwhelmed with requests.   Here’s why scheduling your Penetration Test, also referred to as Pen Tests, during the summer is a smarter choice.  Why schedule Pen Tests during the summer? …

Protecting your PortCo’s requires a deep understanding of the many vulnerabilities in their environment.     With bad actors targeting Portfolio Companies (PortCo’s), ensuring the long-term value of your portfolio requires  an in-depth look at your PortCo’s cyber posture.   Here are seven of the most common cyber vulnerabilities impacting PortCo’s today:   Lack of multi-factor authentication…

Many of us know the obvious consequences of a data breach, like regulatory fines and monetary loss. Yet, a data breach can have widespread impacts that go beyond the obvious in the Alternative Investment space.  Here are 3 not-so-obvious dangers of a data breach to address:  Attracting the attention of other cybercriminals After suffering a…

In May 2024, the SEC published final enhancements to the existing Safeguards and Disposal Rule to protect sensitive customer and investor information. The updates establish a federal minimum standard for data breach notifications by broadening disclosure and recordkeeping requirements.   What you need to know – This isn’t a new rule, but an amendment to an…