To build cybersecurity and resilience, investment management firms should regularly evaluate existing platforms, policies, and procedures, as well as potential threats, and make proactive decisions to enhance cyber safety. To aid in this process, we have compiled a list of our top resources and insights to explore to help your firm build cyber resilience.
For investment management firms looking to retain top talent, hybrid and remote work are the new norm, but with employees working outside the traditional office setting, stringent cybersecurity practices and a set business continuity plan are more vital than ever before. This blog provides a 5-step checklist for building cyber resilience as an investment manager. We highlight considerations you should make regarding your computer systems and software, the role of your IT and information security teams and policies, and the security of your vendors.
If you’re part of a new or emerging firm and wondering how you can build out your systems and infrastructure to best facilitate cyber resilience, you’re not alone. At SS&C Eze, we spend a lot of time talking with the thousands of individuals operating on our platforms. We understand from our conversations with newer funds that without in-depth expertise, it’s hard to know where to start when it comes to choosing and building out cyber-secure solutions, systems, partners, and vendors, which are important not only for remaining cyber secure but for attracting investors.
Learn about the cybersecurity considerations you should make when starting up in this SS&C Eze blog or ebook, How to Start a Hedge Fund: Setting Your Firm up for Long-term Growth.
For more on the role of cybersecurity in an emerging manager’s operational setup, check out Jenny Kim DeSmyter, SS&C Eze’s managing director, global sales strategy, on the Evolving Operational Challenges panel at the HedgeWeekLIVE North America Emerging Managers Summit. Along with the other panelists, DeSmyter discusses operational due diligence requirements and changing investor expectations, your operational budget, and cybersecurity and the other key areas managers should prioritize as they invest in their infrastructure.
Check out the video below, or read Hedgeweek’s coverage of the conversation here.
In a recent exploration of industry trends, SS&C Eze identified cybersecurity as a key concern for investors and investment managers alike. More and more, we are seeing investors asking investment managers about the security and resilience of their platforms, policies, and procedures as part of their due diligence process. Learn more about the acceleration of this trend and how you can show your investors that your firm has taken the necessary steps to ensure it is cyber resilient in this whitepaper.
When it comes to outsourcing, cybersecurity is a key concern. In a survey of buy-side firms, nearly half of respondents cited security concerns associated with allowing a third party to access client/sensitive data as the primary challenge associated with third-party providers. More than half of respondents cited the integrity of client/sensitive data as their primary regulatory consideration when deciding whether to outsource. Learn more about the buy-side’s concerns regarding outsourcing and the key risks associated with third-party providers in this whitepaper or blog.
For an even more in-depth look at the relationship between your vendors and the security of your firm, check out this whitepaper covering the key considerations for ensuring your vendors adhere to industry best practices when it comes to cyber security, including high-level global-standard compliance, validation by credible external sources, and privacy and cloud security. A critical component to your cybersecurity program is a thorough and well-tested security incident response plan that can be executed rapidly in order to respond to today’s serious threats such as ransomware.
At SS&C Eze, security is a core benefit we deliver to our clients. SS&C Eze has achieved ISO 27001 certification, including the controls for ISO 27017 and ISO 27018, and in 2021 we added the controls for ISO 27701, exemplifying our commitment to keeping clients’ data safe and confidential. We are continually monitoring and making improvements to keep up with the latest cybersecurity challenges and finding ways to combat them. To learn more about SS&C Eze’s cyber-secure solutions and to see them in action, click here.