Insights
The cyber landscape never stops shifting – and neither should your perspective. Our Insights bring you expert commentary, thought leadership and practical guidance on the issues shaping the alternative investments sector. Stay ahead of regulators, satisfy investors, and strengthen your resilience with analysis from the team that knows your world best.
-
Approaching Your GPs and LPs About Cybersecurity
We all know that a strong cyber program plays a vital role in meeting regulator expectations, but what about when you need to bring the conversation to your firm’s LPs? Handling cyber discussions with executives requires you to speak their language. Drawbridge’s CISO Simon Eyre recently sat down with Peter Christodoulo of Francisco Partners to…
-
How to Protect Your Firm from AI Misuse?
Earlier this month, the New York Department of Financial Services (NYDFS) officially announced new guidance for addressing and mitigating AI-related cybersecurity risks. In its industry letter, the regulator highlights four specific risks to pay special attention to: AI-enabled social engineering AI-enhanced cybersecurity attacks Exposure or theft of vast amounts of non-public information Increased vulnerabilities due…
-
How to Prepare Your Firm for SEC Compliance in 2025?
In May 2024, the U.S. Securities and Exchange Commission announced the Regulation S-P amendment. We covered the S-P Amendment update when news of this regulatory change first broke. Per the SEC’s press release, the amendment applies to broker-dealers, investment companies, registered investment advisers, and transfer agents. Specific requirements fell into three main categories: Incident response…
-
Cyber Safe: 2024 best practices for alts managers on the go
In our third chapter of our cyber safe series, we’re exploring how you can keep your reputation and assets safe while on the go. With juice jacking and device theft becoming too common, check out our top six recommendations for excellent data privacy practices while traveling: Before traveling, double-check that your devices’ antivirus and anti-malware…
-
Cyber Safe 2024: personal best practices for alts managers
In part two of our cyber safety series, we explore the personal side of information security. What happens when your job follows you home? Here’s our ultimate list to avoid getting compromised when you bring the office home with you: Use a personal password manager. In addition to minimizing the risk of using weak or…
-
Cyber Safe: 2024 corporate best practices for alts managers
For Cybersecurity Awareness Month, we’re launching our Cyber Safe series. Since cybersecurity is a team sport, we’ll start by sharing some best practices for the alternative investment community in the office, at home, or on the go! At the end of the month, we’ll host our first masterclass: From Tech Talk to Board Talk: Mastering…
-
3 Often overlooked risks among Hedge Funds
Drawbridge knows a thing or two about mitigating cyber risks among Hedge Funds. Drawbridge is the leading cyber provider among Alternative Investment Managers, serving over 1,000 clients. Read the three most commonly overlooked cyber risks that Drawbridge typically finds and helps solve when engaging with new Hedge Fund clients. Limit access from personal emails Of…
-
Key takeaways from the CrowdStrike/Microsoft IT outage for Institutional Investors
Cybersecurity lessons learned from the biggest IT outages What happened – On July 19, 2024, CrowdStrike pushed out flawed software that affected the Microsoft Windows’ kernel, the core that connects all the other parts of the Windows operating system. The flaw caused a logic error in the operating system, triggering the infamous Blue Screen of…
-
The one thing emerging Alternative Investment Managers need to do first to ensure cyber resilience
What you should know — Emerging alternative investment managers need to complete a Cyber Risk Assessment (CRA) to create a comprehensive cyber policy. A CRA offers valuable, actionable information about your firm’s current cyber posture and evaluates your existing cybersecurity program end-to-end. Through completion of a CRA, you can: Produce cyber program policies for…
-
Cyber compliance through Vendor Risk Management
Mitigating cyber risks at third-party vendors is paramount for meeting cyber-related compliance regulations. Dozens of regulations have specific standards. For this blog, we cover key regulatory requirements from the SEC pertaining to third-party risk. 2024 SEC Exam Priorities and Proposed New Rules The SEC’s Department of Examination has made it clear that oversight of third-party…
-
How a Cyber Risk Assessment helps Emerging Fund Managers meet compliance requirements
Keeping up with evolving cybersecurity regulations requires thorough and consistent assessments. A Cyber Risk Assessment gives Emerging Fund Managers greater insight into cybersecurity deficiencies and which cyber controls to implement in order to meet compliance requirements. Check out the four ways a Cyber Risk Assessment (CRA) helps simplify compliance: Completing a CRA helps…
-
What to do after completing a Cyber Risk Assessment on your Portfolio Companies
Completed Cyber Risk Assessments (CRAs) immediately provide value by benchmarking your investment’s cyber preparedness against your entire portfolio. Utilizing a CRA to its full potential requires you to learn from the insights and data gathered to improve your cyber program. Here are the essential do’s and don’ts after you complete a CRA: Do’s: Prioritize high-risk…
