[author: Sara De La Torre]*

The convergence of digital transformation and globalisation will reshape the investment management industry over the next five years. As this convergence materialises, data privacy and cyber security are becoming top business risks and an executive board priority. With the current geopolitical instability and cyber compliance rising worldwide, scrupulous end-to-end cyber security is becoming a core focus for investment management firms.

Cyber security for investment managers should start at the board level and expand throughout the organisation. Vulnerabilities develop alongside the widening use of third-party data, cloud, mobile devices, Internet of Things, AI and blockchain. Major security breaches threaten not only an investment firm's clients but also its reputation. Many in the sector crave for an end-to-end layered view of cyber security, with integrated governance, reporting, and risk assessment that enables cyber risk mitigation while being able to realise their digital transformation goals.

Executive boards are rolling out several initiatives to combat the increasing cyber risk. We recently sponsored The New Statesmen’s Financial Services Cyber Security Summit held in London, and we heard first-hand how the sector is investing in people, learning and development, technologies, and cyber advisors. But many in the room admitted that they lack an integrated framework for cyber risk management and reporting, just like any other financial risk.

Embracing the opportunity

We’re likely to see increasing cultural change at investment management firms as they continue to recognise that cyber security does not sit as just an IT challenge, but should play an important role in the overall risk function. There’s an opportunity for firms to use cyber security as a foundational pillar that underpins many of their strategic decisions; to help gain a competitive advantage, increase revenues, or maintain business reputation. For this reason, many of the firms we work with are looking to improve their overall cyber security with a holistic approach.

Cyber security is a rapidly evolving threat to firms and the marketplace can be tricky to navigate (software/hardware/advisory), and there are well known skills gaps to address globally. Business collaborations and partnerships are becoming the preferred methods of many investment managers, so they’re best equipped to address their global cyber risk exposure.

As the pace of digital transformation increases rapidly, speed is fundamental. Security professionals need to address threats and security weaknesses promptly and efficiently, regardless of the increasing speed and volume of data. It’s our view that in order to be fast, security professionals, senior leadership and the Board should ideally work under a unified governance model, with extended cyber teams all accessing threat information in real-time, with industry-driven insights.

In the 'Digital Economy' and with the growing adoption of digital assets and Decentralised Finance (DeFi), cyber security becomes a source of competitive advantage with the right strategy, governance, and execution. Organisations have the opportunity to transform cyber into an opportunity, by treating security as a business challenge, not just a technology one.

Fundamental change in cyber risk management?

While investment management firms embark on their digitalisation journey, Executive Boards, CEOs, and their entire C-suite leadership team are realising the enabling power cyber has and they want full, proactive, and ongoing visibility of their entire cyber security exposure while driving efficiency and cost rationalisation.

A common platform where people, technology, processes and industry-specific threat intelligence are brought together is key to create a specific approach for integrated cyber security for investment management, hence quantifying and mitigating cyber risk.

To achieve results, there is a need for collaboration among themselves as well as their suppliers and partners to achieve global, enterprise cyber security risk management – as a service.

*Head of Financial Services and Insurance