A cyber breach can have serious legal, financial, and reputational consequences for a fund sponsor, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at fund sponsors should take the lead to ensure that the sponsor is taking appropriate actions to protect itself against cyber risks. There are several steps that senior management can guide the fund sponsor to take to prevent breaches from occurring and to mitigate the impact when they do occur.
Private Equity and Cybersecurity: Threats, Consequences, and the Regulatory Framework
Cybersecurity breaches and threats are pervasive concerns for any entity storing valuable data or managing large sums of money: private investment funds are no exception. Recently three private equity firms suffered breaches that compromised their email accounts and wire transfers, resulting in $1.3 million in losses. We have seen the SEC follow through on its 2019 priority of examining investment advisers about their cyber-security measures, as well as inquiring if they have suffered from a cyber-security breach. We expect that trend to continue. Fund sponsors should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the statutory and regulatory framework governing cybersecurity. Fortunately, there are precautionary measures that fund sponsors can implement to help prevent a breach and to mitigate the scope and damage from a breach if one were to occur. We will elaborate on both the steps to take to guard against a breach and how to effectively respond to a breach in a forthcoming post.