Emerging managers face a vicious fundraising market and coupled with the increasing requirements for regulatory compliance they can quickly lose their agile edge in a marketplace. On face value, cybersecurity feels like an anchor to their firm but there are incredible advantages to the start-up fund that might not be initially apparent.
It’s not just regulators that are taking a focus on cybersecurity. Investors and allocators take considerable time to ensure their investments will be handled appropriately and cyber risk has been taken into account. Proper preparation around a cybersecurity program can become a differentiator and one for minimal investment.
Good cybersecurity does not equal significant investments in technology. In fact, many start-up funds will likely limit tech spend to cloud collaboration tools such as Microsoft 365 and Google Workspace, plus SaaS (software as a service) programs for trading and service providers for fund admin. All of these can be brought under a correctly deployed cyber framework that’ll result in a secure set of processes and administrative controls. It will demonstrate a level of maturity and thought that stands out.
With the vision to grow, there is no better time to implement the right cyber controls than at inception either. A cybersecurity program is designed to grow and evolve with a business. Cyber is never a throw-away. It is far harder to adapt cyber into an established business and change the culture and work style later.
There are only downsides to not establishing a cybersecurity program. Poor security controls can easily result in the modern-day digital bank robbery, most commonly in the financial world via ransomware, social engineering, and impersonation techniques. No business is “too small” to be noticed on the internet. In fact, the majority of attacks are size agnostic, despite the headliners appearing to be large, targeted attacks.
Investors and regulators alike will expect firms to declare major breaches and if the damage from the attack wasn’t disruptive enough then the reputational damage will take a significant additional toll. The SEC’s new proposed cybersecurity rules even flag this difficulty for emerging managers, pointing out cyberattacks are more detrimental to smaller companies and their investors.1
Emerging managers should not consider cybersecurity a burden but embrace the advantages it can bring to their business. It might seem like a subtle edge but in the eyes of the allocators, it’s an important one.
Sources:
1 https://www.federalregister.gov/d/2022-05480/p-453
