The directors and senior management of asset managers should increase collaboration across the industry to improve its resilience to cybercrime, according to the Investment Association (IA).
The UK asset management trade body has launched a cybersecurity committee to assist asset management firms. It said it would work with asset managers, regulators and public authorities to develop cybersecurity industry guidance.
Creating a forum dedicated to collaboration would help asset managers in several ways, the IA said in a joint report with KMPG that was released today.
Firms could share “threat intelligence” and best practice guidance, collaborate to collectively train staff on cybersecurity, invest in new technologies as a consortium, and share specialised resources.
A forum for collaboration would also increase the industry’s lobbying and influencing powers over key third parties, such as market data providers, stock exchanges or custodian banks, according to the IA.
It said it was working to produce a “tailored threat intelligence information sharing platform” to facilitate collaboration across the industry.
Asset management companies were likely to be an increasing target of a cyberattack given the significant value of assets under management, but they were generally less well prepared than banks and insurers, according to the IA-KPMG report.
Also, the report said, regulators and authorities were paying more attention to cybersecurity and looking for assurances that businesses were taking the necessary steps to prevent breaches.
KPMG said criminals were becoming more creative in how they attacked financial systems, and cyberattacks would become increasingly automated.
Speaking at the IA’s first cybersecurity conference for asset management, Chris Cummings, IA chief executive, said: “Technology is transforming our industry at a speed and scale never seen before, with criminals also becoming more creative in how they attack financial systems.
“Cybersecurity issues are not going away and businesses need to understand, manage and mitigate potential cybersecurity risks.”
The police for the City of London have launched an initiative to help make the capital’s financial sector more secure from cyberattacks.
In the Netherlands, regulator De Nederlandsche Bank (DNB) recently flagged concerns about pension funds’ awareness of cybersecurity risks. It emphasised that pension funds must increase their investments in the quality of IT risk management, the monitoring of outsourced tasks, the testing of adjustments, and “patch management”.
IT risk management needed more frequent evaluation and maintenance, DNB said, to prevent falling behind on “continuously changing cyber-risks”.
The Dutch regulator also announced an additional survey into data security, which would include an assessment of how quickly a pension fund was able to return to business as usual following a hack.