Mid-sized service provider such as fund directors and third
party marketers, which house enormous amounts of sensitive data, are
potentially at risk from cyber-crime, according to ensentire, a security service
provider.
Many of these organizations cannot justify the substantial
technology spend to help mitigate the risk of cyber-threats. Corporate
governance providers and third party marketers possess huge swathes of confidential
personal data on investors and managers, yet many do not possess the
infrastructure to mitigate the threat of a major cyber-attack.
“Smaller market participants carry a significant amount of
personal information yet they do not have the resources or budget to invest
heavily in cyber-protection as they do not believe it is cost effective,” said
Julian Atlee, senior business development manager at esentire in London,
speaking at the GAIM Ops Conference in Dublin.
Cyber-attacks have been on the rise. A survey carried out by
the US Securities and Exchange Commission in early 2015 found 88% of broker
dealers and 74% of investment advisers had experienced a cyber-attack directly
or through a third party.
Despite the technology spend, major market infrastructures
are not exempt from cyber-threats either. The then Committee on Payment and
Settlement Systems (CPSS), the International Organization of Securities
Commissions (IOSCO) and the World Federation of Exchanges surveyed 46 exchanges
globally and found more than half had been a victim of cyber-crime over the
preceding year. There have also been high-profile hacks of banks including J.P.
Morgan.
Regulators including the SEC and the Central Bank of Ireland
(CBI) are taking note, although Atlee said US regulators appeared to be ahead
of the game in terms of understanding and awareness about cyber-crime. “There
is a big gap between regulators’ understanding in the EU versus the US but I
believe this gap will be narrowed in time,” commented Atlee.
The SEC has issued a number of Risk Alerts to broker dealers
and asset managers about cyber-crime. The SEC advised firms have policies and
procedures to deal with cyber-threats and that employees be trained in how to
mitigate these risks. It also recommended managers review the cyber-security
protocols at external vendors, which might host sensitive data.
Mid-sized service providers warned on cyber-crime
Mid-sized service provider such as fund directors and third party marketers, which house enormous amounts of sensitive data, are potentially at risk from cyber-crime, according to ensentire, a security service provider.
« Firms urged to classify local authorities as retail under MiFID II