Skip to main content

Last week, SEC chair Mary Jo White stated that Cybersecurity is the biggest threat to the financial system.

The speech at the Financial Regulation Summit in Washington DC has been described as the strongest warning yet, and with statements such as “we can’t do enough for this sector” we’re all reminded not just of the very real rising hedge fund cybersecurity threat, but also the reality of the SEC’s broken windows policy.

Pursuing even the most minor rule violations, hedge fund non-compliance cases that may have been met with a slap on the wrist or a stern word of warning in years gone by now face enforcement. And according to the SEC chair, this isn’t changing any time soon.

The message is pretty clear: hedge funds can’t afford any oversights when it comes to cybersecurity compliance.

Another big focus – one perhaps brought about by the recent SWIFT case and an $81m cyberheist at a Bangledeshi central bank – is that the cybersecurity policies and procedures that are in place are not adequate for the level of risks faced by organizations.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks”

You ignore regulators and examiners at your own risk; this is no time to overlook any areas of cybersecurity compliance in any area of your operation.

The SEC are increasingly thorough in their assessment and it’s clear the days of pre-trade activity (and yes, that means research management) avoiding the glare of the SEC are over.

With insecure consumer technology, siloed research processes and informal data management practices the norm in so many hedge funds, overlooking compliance and cybersecurity at the research level is a significant risk.

The recent speech been labeled a historic recognition. Cybersecurity has been a recurring theme for the regulators for years; the SEC’s rhetoric forever rising in intensity. But this does feel different.

This latest, very public, somewhat damning assessment of the cybersecurity capabilities of the US financial industry indicates action; action from the SEC, and from all of those registered with them.

If you’d like to discuss strengthening the cybersecurity compliance posture of your research operations, get in touch.