Mid-sized service providers warned on cyber-crime

Mid-sized service provider such as fund directors and third party marketers, which house enormous amounts of sensitive data, are potentially at risk from cyber-crime, according to ensentire, a security service provider.

By Editorial
Mid-sized service provider such as fund directors and third party marketers, which house enormous amounts of sensitive data, are potentially at risk from cyber-crime, according to ensentire, a security service provider.

Many of these organizations cannot justify the substantial technology spend to help mitigate the risk of cyber-threats. Corporate governance providers and third party marketers possess huge swathes of confidential personal data on investors and managers, yet many do not possess the infrastructure to mitigate the threat of a major cyber-attack.

“Smaller market participants carry a significant amount of personal information yet they do not have the resources or budget to invest heavily in cyber-protection as they do not believe it is cost effective,” said Julian Atlee, senior business development manager at esentire in London, speaking at the GAIM Ops Conference in Dublin.

Cyber-attacks have been on the rise. A survey carried out by the US Securities and Exchange Commission in early 2015 found 88% of broker dealers and 74% of investment advisers had experienced a cyber-attack directly or through a third party.

Despite the technology spend, major market infrastructures are not exempt from cyber-threats either. The then Committee on Payment and Settlement Systems (CPSS), the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges surveyed 46 exchanges globally and found more than half had been a victim of cyber-crime over the preceding year. There have also been high-profile hacks of banks including J.P. Morgan.

Regulators including the SEC and the Central Bank of Ireland (CBI) are taking note, although Atlee said US regulators appeared to be ahead of the game in terms of understanding and awareness about cyber-crime. “There is a big gap between regulators’ understanding in the EU versus the US but I believe this gap will be narrowed in time,” commented Atlee.

The SEC has issued a number of Risk Alerts to broker dealers and asset managers about cyber-crime. The SEC advised firms have policies and procedures to deal with cyber-threats and that employees be trained in how to mitigate these risks. It also recommended managers review the cyber-security protocols at external vendors, which might host sensitive data.

«