As many organisations have learned – often the hard way – it’s less a question of if or even when a cyber attack will happen, but rather how prepared the business will be to react to the inevitable. Hackers are increasingly sophisticated and resourceful, and cyber crime is a booming global business. If an organised crime network or state-sponsored actor is determined to target a specific organisation, they will begin with proven techniques and persist until they breach that organisation’s defences. At the same time, the pace of technology innovation, adoption and diversification is increasing. For many wealth and asset management organisations, technology risks and vulnerabilities are heightened through increased online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services, and the collection and analysis of big data. Our financial services ecosystem of digitally interconnected entities, and people and data, greatly increases the risk of cyber crime causing a systemic shock.
Although more detailed guidance and new regulations may be coming in the future for investment companies, investment advisors, broker-dealers, transfer agents and clearing agencies, all will face greater scrutiny regarding the safeguards they have in place related to cybersecurity. Based on our experience working in the market and discussions with our clients, EY has identified five critical areas on which firms should increase their focus and that firms should be sure to incorporate into their cyber program.