The threat of cyber-attacks in the alternative Investment is real and cannot be ignored05 Jul 2016
Many regulatory bodies and industry associations have highlighted, and continue to highlight the importance of cyber security. From the SEC in the US to the BVCA in the UK, the threat posed by cyber risks are real and can have a significant impact on companies operating in the alternative investment space.
Real estate, private equity and infrastructure firms hold significant amounts of confidential information across a variety of areas, from investors to investments. It is essential that firms understand the potential risks and what they can do to help protect their investors, investments, and themselves. With the consistent development in new technology, many businesses are adopting new operating models that increase the flow of information across the organisation and the information delivered to and from third party services providers such as administrators, lawyers, and accounting firms etc.
Whilst this trend has increased employees access to information and the ability to provide greater levels of information to investors, it has certainly blurred the line between office and home, with many institutions providing their clients and investors access to information 24/7 across multiple applications and devices.
IT departments are now required to understand the cyber-attacks, data losses, and application vulnerabilities that exist within their own organisation and with third parties, in order to establish effective policies and procedures to reduce the threat posed by cyber-attacks.
Interestingly in a research report published by EY, the responsibility for overseeing the firms security resides with the CFO across the majority (56%) of alternative investment firms, followed by CCO and CIO/CTO at 17%. As a result, this will only add to the list of responsibilities that fall on the shoulders of CFOs, but it will also require them to possess expertise/insight across a variety of disciplines.
Therefore, it is important for real estate and private equity houses to access the means by which many of these potential risks can be mitigated, either through the use of third party software, device controls and/or organisational policies and procedures.