15 Dec 2016 | Consultancy
By definition, asset management firms control valuable financial assets. The size of the portfolios controlled by funds and organisations make for a healthy prize. Today’s firms need to be able to identify who has access to physical and electronic assets, and maintain an inventory of all (electronic and physical assets), to ensure they are backed up when employees leave the firm.
Asset management firms generate wealth for their clients and profit through intelligent and potentially risky investment decisions. Risk-taking is an intrinsic part of all investment businesses. However, the culture and attitudes of asset managers and firms is potentially at odds with the caution and risk adverse nature of cyber security.
Retail and commercial banks have been the focus of Government and regulator’s attention to date, bearing the brunt of adapting standards and demands for improvement. However, asset and fund managers are increasingly being drawn into the net. Firms need to assess how potential regulations will affect their businesses, and whether new internal controls, policies and procedures and governance structures will have to be implemented.
To date, most asset management firms have not invested in the technology and assurance activities that help ensure good security and lower technological risk. The current culture has not fostered awareness and consideration of potential threats posed by multiple threat actors at a time when financial services firms are being increasingly targeted.
Asset management firms control and rely on large amounts of data to inform their investment decisions and provide information relating to their clients (both institutions and high net individuals). Having comprehensive and accurate ‘big data analytics’ is now an established norm in the sector – processing unstructured data to find patterns and providing senior-level executives with key insights on how they can improve portfolio management and, ultimately, profitability. Careful consideration needs to be given to how data is handled and who is granted access to it.