Cybercrime costs the global economy up to US$ 500 billion annually1. It is estimated that 90% of large organisations have experienced a security breach2 and the average time to resolve a breach has increased by 221% over the last 4 years3.
Investors are increasingly expecting investment managers and service providers to be savvy about managing cybersecurity risks and a lack of a pro-active defence can land companies in trouble. In September 2015, the US SEC fined R.T. Jones Capital Equities Management US$75,000 for failing to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information of approximately 100,000 individuals4.
Globally, regulators are paying greater attention to cyber risk and there is an expectation for firms to have written policies and procedures in place addressing administrative, technical, and physical safeguards for the protection of customer records and information. As a result, the issue of cyber security is being elevated from a firm’s IT department to Boardroom level discussions.
However, while many investment organisations in Asia do have cybersecurity plans in place, limited steps have been taken to identify and mitigate cyber risks specific to the organisation or its service providers. Bridge recommends that firms at a minimum:
- Conduct a cyber security assessment against industry best practices
- Document a comprehensive due diligence process
- Assess any external organisations and internal personnel that have access to your information
- Assess risk impact levels and provide recommendations
- Partner with expert providers for implementation, including training
For more information on how to manage cyber risk within your organisation, please contact the Shoreline team.
Shoreline is a specialist asset and wealth management consulting firm with offices in Singapore, Sydney and Melbourne. Shoreline provides advice and implementation services that combine our deep business and IT expertise with our industry knowledge. For more information, please visit email us or visit www.shorelineawc.com
1. Merrill Lynch CIO reports
2. Security Breaches Survey, PWC 2015
3. CYREN Cyber Threat Report, 2015
4. US SEC Press Release, September 22, 2015