While all industries are potentially vulnerable to cybercrime, asset managers are particularly in the crosshairs because of the sensitive data and large volumes of money they handle.
In fact, among 300-plus recently surveyed executives at investment management firms, 93% said they experienced at least one cyber incident in the past year, and nearly one in five faced dozens or more such threats.
Those polled by Omega Systems, a provider of IT and cybersecurity services for regulated industries, included leaders at registered investment advisers, wealth managers, hedge funds, private equity firms and family offices, among others.
Their risk is great, as 88% of them acknowledged that a successful cyberattack would likely lead to asset withdrawals or losses. Among CFOs in the survey base, that figure rose to 94%.
“Trust is currency in financial services,” Omega Systems wrote in its survey report. “When trust is broken, clients don’t wait for explanations. They move their money.”
Beyond that unsettling specter, asset managers also expressed concern about the possible disruption of operations (cited by 63% of those surveyed), financial theft, fraud or account compromise (47%), loss of investor/client trust or damage to the firm’s reputation (46%) and increased insurance premiums or denial of coverage (30%).
Asked about the types of attacks they feel least prepared to recover from, ransomware was the top choice, with 51% saying they’re unprepared for such attacks.
According to the report, most leaders at investment management firms are confident that employees could recognize AI-driven threats. However, about a third said they are not fully confident, and only 17% said security awareness training will be a priority in the coming year. “In the absence of stronger readiness,” Omega Systems wrote, almost nine in 10 of the firms now carry cyber insurance coverage.
But most financial firms are working on the problem, according to the report. More than three-fourths (78%) of those surveyed increased cybersecurity spending in the past year. The proportion was highest (88%) among those with $101 million to $500 million in assets under management.
Among the different types of asset managers, registered investment advisers were least likely to increase security budgets (only 57% did), and in fact, 11% of RIAs said they significantly decreased their IT spend last year.
But while some firms have adopted continuous or monthly assessments to strengthen their resilience to cybercrime, according to the report, 41% still rely on quarterly or less-frequent reviews. That “creates extended windows of vulnerability that attackers can exploit,” Omega Systems wrote.
