Asset and wealth management (AWM) companies are often targeted by financially motivated cybercriminals for apparent reasons. Much like banking institutions, AWM companies deal with lucrative financial data. However, unlike banking institutions, AWM companies generally have smaller security teams, budgets, and employees to protect their infrastructure – something cyber-attackers are aware of. As a result, AWM companies have grown increasingly vulnerable to cyberattacks.
Ransomware variants cause a lot of data loss and are sadly too familiar to many fund managers. Other examples of continuously expanding threat landscapes include impersonation threats which may stem from payroll scams, invoice fraud, spear-phishing, voice phishing, and more.
The rise in threats across expanding attack surfaces
Owing to the recent shift towards hybrid working, a proactive approach is required to protect systems, devices, and data from an inevitable cyberattack.
As per the results of a 2014 study by Gartner, network downtime can cost an organization approximately $5,600 per minute or nearly $300,000 per hour. However, closing the online shutters to your business could cost even more in the digital age. For instance, if a retailer suffers an outage during a big sale day like on Black Friday or Cyber Monday, it could cost them damages around $250,000 per incident. Moreover, it would also increase the number of negative reviews, which may cause 80% of potential prospects to desert the company.
Businesses are also helping the attack surface grow continuously with billions of new IoT devices surfacing online. Every device imaginable has fallen victim to hacking. The Bombardier data breach provided a much-needed reminder that vulnerabilities in software applications can harbor devastating impacts on businesses.
However, the threat landscape exceeds the scope of individual assets. As per the results of a recent Cyberpion research study, 83% of the top American retailers were connected to a vulnerable third-party asset. Moreover, 43% had vulnerabilities that posed an immediate security risk. Any internet-facing service that does not come with the latest security updates is vulnerable to an attack.
Risks and challenges in asset management
Cyberattacks have targeted the financial industry more than any other sector. In a recent report, the European Banking Authority (EBA) and the European Supervisory Authorities (ESAs) reported that cybercriminals are developing new techniques to exploit vulnerabilities in the industry.
The asset management sector is increasingly becoming an attractive target for attackers, which has led to authorities sending out clear warnings for businesses to improve their cyber hygiene. Moreover, recent fines suggest that the American Securities and Exchange Commission (SEC) is paying more attention to the cyber security vulnerabilities in firms. The SEC advises companies to formulate a disclosure committee and disclose cybersecurity incidents, risks, and all business impacts when requested.
The SEC is also demanding more transparency around processes, forensic assessments of the company’s cybersecurity systems, identifying weaknesses, and the ability to disclose incidents before they are fully understood.
Impact of attacks
The commercial impact on a business following a cyberattack is crippling, both financially and operationally. The potential reputational damage was also underestimated and ignored in the past. However, HSBC warned that it takes roughly two years, on average, for a business’s reputation to fully recover following a data breach. This can be incredibly daunting for fund managers.
However, with regulators requiring evidence of sufficient security to meet their obligations, positive changes are being observed in the industry. Moreover, asset and wealth managers now recognize that they cannot afford not to mitigate cyber security risks.
In the digital world, where a rising number of Ransomware attacks are being targeted towards private equity, venture capital, and retail fund managers, you can no longer ignore the dangers of future acquisitions. Employing a combination of preventative technologies, policies, and procedures can make protecting assets from malicious threats much easier. Understanding your weaknesses and vulnerabilities is the first necessary step to construct and maintain a secure and resilient cybersecurity posture.
Globally, regulators now require companies to employ the necessary measures to protect against cyberattacks’ reputational and financial risk.