Insights
The cyber landscape never stops shifting – and neither should your perspective. Our Insights bring you expert commentary, thought leadership and practical guidance on the issues shaping the alternative investments sector. Stay ahead of regulators, satisfy investors, and strengthen your resilience with analysis from the team that knows your world best.
-
The Importance of Independence
Investors and Allocators that are committed to independent operational due diligence and financial audits, are insisting on the importance of applying independence to cybersecurity. What should you know – Investors and Allocators view cybersecurity as following the footsteps of business financials and they expect independence in the assessment of your cybersecurity. They have identified…
-
How Family Offices can preserve assets and mitigate cyber risk in 2024
Rising inflation interest rate hikes weren’t the only challenges that Family Offices faced in 2023. As Family Offices look to preserve asset values and safeguard their reputation, a lack of adequate cyber controls remains as one of the most significant financial and operational risks. Why you should care – Family Office assets and investments are…
-
2023 in review: Alternative investment & wealth management cyber trends
This year was a challenging one for managers in the alternative investment and wealth management space. Aside from economic pressures, firms are experiencing regulatory shifts in the U.S. and Europe, from SEC and DORA, and an evolving cybersecurity landscape thanks in part to artificial intelligence. We’ve compiled the most popular Drawbridge content that addresses this…
-
2024 SEC Examination Priorities for Cybersecurity in Registered Alternative Investment Funds
With the SEC’s “Cybersecurity Risk Management for Investment Advisors” rule still awaiting their final approval, they have released a significant update to the Department of Examination’s priorities for 2024. The publication comes with some interesting focal points for cybersecurity that help shape the direction we can expect in the final ruling. First, there is a…
-
Q&A: Cybersecurity questions posed to ODD professionals
In case you missed it, Drawbridge broadcasted a webinar entitled, Expert Insights on Cybersecurity in ODD on November 15, 2023. We were joined by Christopher Vella, Technical Due Diligence Analyst from Albourne Partners, and Lauri Martin Haas, Managing Director at Prism Alternatives. They are both deeply experienced operational due diligence professionals who shared their insights…
-
Exploitation of MOVEit software demonstrates the criticality of vendor due diligence
This can be a hard truth for alternative investment managers to stomach: It’s not a matter of if you’re attacked, but when. Several investment managers learned this the painful way when a method exploiting MOVEit, a third-party file transfer software, was used to attack their firms. We know that securely transferring files between businesses can be a challenge.…
-
Subject to NFA compliance? Adopt these cybersecurity practices today
Cyber criminals target financial institutions more than almost all other industries, according to the Blackberry Global Threat Intelligence Report. Futures and commodities investors are no exception. Here’s an example. Last summer, the EvilNum hacking group specifically targeted forex trading and other alternative investment organizations in a variety of sophisticated, sustained cyber attacks. In cybersecurity speak, EvilNum…
-
7 FTC ‘safeguards rule’ changes that you need to act on now
If your head has been in the sand about the FTC Safeguards Rule that went into effect on June 9, 2023—you need to pull your head out now. Make no mistake, your alternative investment firm is required to adopt cybersecurity best practices immediately. If you fail to comply with the new ruling and fall victim…
-
What The SEC Cyber Rule Means for Your Firm’s Cybersecurity Risk Management
The alternative investment industry is awaiting a finalized ruling from the Securities and Exchange Commission (SEC) on new proposed cybersecurity rules that were originally introduced February 9, 2022 and will significantly impact firms cyber risk strategy. On March 15, 2023, the SEC released an update on the proposed cybersecurity risk management rules and amendments (“proposed Rule 206(4)-9” and “proposed…
-
What can Investment Managers do today to minimize the work required when the SEC Cybersecurity Rule becomes final this year?
While we await the final decision that is due in April 2024, preparation to comply with the new regulation should begin now in order to show a track record of cybersecurity governance and of course to strengthen your defenses against rising cyber threats. Alternative Investment and Wealth Managers that have significant gaps in their cyber…
-
Banking collapse fallout: protect yourself from related cyber risks
Cybercriminals are opportunistic and will capitalize on unpatched systems, current global events or known vulnerabilities. The Silicon Valley Bank and Signature Bank collapses will attract cybercriminals to exploit the situation and take advantage of consumer anxiety and the sense of urgency permeating the markets. Cybercriminals will likely harness social engineering attacks that go beyond everyday…
-
Are your employees ready for the SEC’s pending cybersecurity regulations?
A year after the U.S. Securities and Exchange Commission (SEC) proposed amendments to its cybersecurity regulations, the industry is waiting to see the final rules. Once the rules are put in place, funds of every size will need to comply as regulations will be tightened in areas such as risk assessment, vulnerability management and board oversight.…
