Hedge fund managers are concerned about data risk and investing heavily in cyber security.
As hedge funds start to rely more heavily on technology, many managers are becoming increasingly concerned about data risk. Cyber security is a top level agenda item and will attract significant investment. Many managers also seem concerned about how their data is protected when it is outside of the control of the firm.
Cyber security is ranked as an important technology capability by 83 percent of our respondents. Not surprisingly, larger companies are more focused on cyber security than most; 92 percent of large funds say they see cyber security tools as an important technology over the next 5 years. Cyber security technologies are also expected to enjoy a flood of new investment from hedge fund managers over the coming years with 65 percent of our respondents saying they would put significant or very significant investment into cyber capabilities. Thirty-one percent of the largest funds in our survey went so far as to say that cyber security would be a key differentiator for their firm.
“Cyber is a massively important issue for our firm and we put a lot of effort into improving our control over our data,” said the COO of one large firm. “We do security intrusion testing twice a year, we do technology training every quarter and we spend a lot of time educating our employees about threats like phishing emails and targeted attacks.”
“I think a lot of fund managers rely heavily on the belief that their outsourced providers are taking care of their cyber security but the reality is that you can’t rely on a third party to protect your data,” added Robert Mirsky, KPMG Global Head of Hedge Funds. “You need to have a really strong oversight function because, at the end of the day, it is the fund manager that is left dealing with the fallout, not the service provider.”
It is encouraging to note, however, that most managers expect to increase their investment into cyber security over the next 5 years. Almost two-thirds (64 percent) report that their cyber investment will increase in that time while 36 percent say it will likely remain the same. No managers involved in our survey suggest that they will decrease cyber funding over the next 5 years.
Where fund managers and executives demonstrate less confidence, however, is in the security of their data when it leaves the control of the firm. “A challenge with security preparedness on the public cloud often comes down to support. If an incident occurs on a public cloud, clients are often left sitting in a public queue waiting for the next available service technician rather than picking up the hotline to your dedicated helpdesk,” noted Daniel Page, Head of Asset Management Advisory, KPMG in Ireland. “Private clouds are purposely build for alternative investment firms and the associated applications, which allow these providers to provide customises services and rapid support to clients. Those fund managers relying on public cloud and off-the-shelf applications will have a hard time defending their approach to investors if their data gets hacked.”