The financial industry has long been a target for cybercriminals. However, the situation is becoming even more critical, with hedge fund firms facing a growing number of cybersecurity breaches and having to deal with the expensive fallout.
For example, a 2019 Accenture report revealed that the financial sector bore the highest average cost of cybercrime incidents across all industries, amounting to $18.5 million per incident. As our reliance on technology intensifies and remote work gains traction, it has never been more crucial for hedge fund firms to prioritize implementing robust cybersecurity measures.
Cetera Entities, Cambridge, and KMS Financial Services – SEC Sanctions
In 2021, the SEC imposed sanctions on eight firms, including the Cetera Entities, Cambridge, and KMS Financial Services, for cybersecurity failures that exposed the personal data of thousands of customers.
The penalties levied against the firms were significant, with Cetera paying a $300,000 penalty, Cambridge a $250,000 penalty, and KMS a $200,000 fine. The SEC noted that from November 2017 to June 2020, 60 cloud-based email accounts of Cetera Entities employees were compromised, resulting in 4,388 customers and clients having their personal information leaked.
SEI Investments Co. – Ransomware Attack
A ransomware attack on a vendor of SEI Investments Co. exposed the personal information of investors at around 100 of the fund administrator’s clients. Among the affected funds were Angelo Gordon & Co., Graham Capital Management, Fortress Investment Group LLC, Centerbridge Partners, and Pacific Investment Management Co.
The attack targeted M.J. Brunner, a service provider that developed and supported SEI’s investment dashboard and online enrollment portal. The hackers accessed files containing usernames, emails, and sometimes names, physical addresses, and phone numbers associated with the dashboard.
Finastra and Finablr PLC – Ransomware Attacks
The financial services sector has seen a string of ransomware attacks targeting suppliers. In March 2020, financial technology provider Finastra was hit by an attack forcing it to temporarily take its systems offline.
In December 2019, Finablr PLC’s foreign-exchange business Travelex experienced an attack that shut down its website for weeks, causing disruptions for banks that relied on its services. In response to these incidents, the SEC published a warning about sophisticated cyberattacks targeting companies it regulates and their third-party suppliers.
Levitas Capital – Business Email Compromise Attack
Levitas Capital, a hedge fund firm that specialized in capitalizing on market volatility, suffered a business email compromise (BEC) attack that led to its collapse. The cybercriminals gained access to corporate email accounts and authorized millions of dollars in fraudulent transfers to foreign bank accounts. Initially planning to invest an additional $16 million, the firm’s largest investor withdrew its funds after the BEC attack, causing the hedge fund to shut down.
Types of Costs Involved in a Data Breach
Data breaches can result in major financial losses for hedge fund firms, with costs falling into several categories:
- Suffering Direct Financial Losses: Cyberattacks can lead to stolen funds or unauthorized transfers, as in the case of Levitas Capital, which lost $1.2 million due to a business email compromise attack.
- Navigating Regulatory Fines and Penalties: Failing to meet cybersecurity standards may result in financial firms being subject to fines from regulatory authorities such as the SEC, with penalties typically ranging from $200,000 to $300,000 per firm.
- Managing Legal Fees and Litigation Costs: Data breaches often give rise to costly lawsuits and settlements. As noted in the 2022 Cost of a Data Breach Report by IBM and Ponemon, the global average cost of a data breach stands at $4.24 million, with the United States experiencing the highest average cost at $9.05 million per incident.
- Addressing Remediation and Recovery Expenses: Tackling vulnerabilities, restoring systems, and recovering data can be resource-intensive processes that require considerable time and financial investment.
- Mitigating Reputational Damage: Cyberattacks can lead to diminished trust from clients, investors, and future business partners. For example, the downfall of Levitas Capital was triggered by a major investor withdrawing funds following a cyberattack.
- Overcoming Lost Productivity and Business Interruption: Operational downtime from data breach disruptions can significantly impact productivity. The 2022 Cost of a Data Breach Report by IBM disclosed that the average cost of lost business due to a data breach amounted to $1.59 million, making up 38% of the total cost of a data breach.
Hedge fund firms must protect themselves and their clients from the far-reaching implications of cyberattacks. Therefore, it is essential to invest in comprehensive cybersecurity measures, such as establishing partnerships with managed IT services providers that can offer their expertise and support.
Preventative Measures for Hedge Fund Firms
In the face of these risks, hedge fund firms must prioritize comprehensive cybersecurity measures to protect their valuable assets and client information. One of the most effective strategies is partnering with a managed IT services provider specializing in the financial industry. By leveraging the expertise of managed IT services, hedge fund firms can implement robust security measures, including:
- Regular risk assessments: Managed IT service providers can conduct periodic risk assessments to uncover vulnerabilities and recommend appropriate solutions, ensuring the firm’s security posture remains strong.
- Endpoint protection: The use of advanced endpoint protection tools helps prevent unauthorized access to a hedge fund’s network and detect and remediate potential threats.
- Email security: Managed IT services can enhance email security by deploying advanced spam filtering, phishing detection, and multi-factor authentication to protect against business email compromise attacks.
- Network security: Managed IT service providers can design and maintain secure networks, utilizing intrusion detection systems, firewalls, and virtual private networks (VPNs) to safeguard sensitive data.
- Security awareness training: Employees can be a hedge fund’s weakest link. Managed IT services can provide ongoing security awareness training to help staff recognize and respond to potential threats.
- Incident response and recovery: In the event of a breach, managed IT service providers can assist with rapid incident response, remediation, and recovery to minimize the impact on the hedge fund’s operations and reputation.
Safeguard Your Hedge Fund Firm’s Reputation and Client Trust with SeaGlass
The increasing prevalence of cybersecurity breaches in the hedge fund industry underscores the need for robust protection measures. By partnering with managed IT services providers, hedge fund firms can bolster their defenses against potential cyber threats, safeguarding their assets and maintaining the trust of their clients and investors.
SeaGlass Technology understands the unique challenges faced by hedge fund firms and financial organizations when it comes to cybersecurity. As a managed IT services provider specializing in this sector, our cybersecurity specialists are committed to providing expert advice and outstanding services to protect your firm from cyberattacks.
Don’t let your hedge fund become another statistic in the growing list of cybersecurity breaches. Contact us today at (212) 886-0790 or online, and together, we’ll develop a comprehensive cybersecurity strategy tailored to your firm’s needs, giving you the peace of mind that your valuable assets and client information are secure.