Front Line Risks for Fund Managers to Consider
The cyber-security attacks we see today are more sophisticated and cunning, and they evolve every day. Ransomware attacks are quite frequent, but most frightening is the rise of targeted social engineering attacks, including ‘spear phishing’ and, more recently, ‘vishing’ (spear phishing attacks conducted via phone calls or voicemails, intended to induce the disclosure of confidential information). What we take from this is a growing chasm between the capabilities, knowledge and innovation within the hacker community on the one hand, and the uninformed, poorly trained workforce in the financial industry on the other. Luckily, managers, regulators and investors are all embracing new and exciting cyber-security awareness tools, technologies and services in an effort to catch up and diminish this divide.
In addition to these front-line risks, there are also certain enterprise risks, such as regulatory risk, reputational risk and potential third-party legal liability in the form of private actions and lawsuits. As to the latter category of risks (private actions and general liability lawsuits), it bears noting that even beyond the laws, regulations and industry-specific rules, the general expectation of what constitutes cyber-security negligence has changed. In other words, what is now considered a “reasonable standard of care” in terms of preparing for, responding to and/or recovering from a successful cyber-security attack has been heightened. Cyber-security breaches in modern-day society have become so ubiquitous in volume, sophistication and frequency that the societal expectation of what is considered reasonable or even responsible is still evolving.