Hedge fund cyber security risk to financial systems

Red computer keyboard button with 'cybersecurity' written on it

Hedge funds must toughen their cyber security as they are being targeted by hackers and terrorists who seek to disrupt the financial system. 

The US Department of Justice believes hedge fund weakness poses a systemic risk and wants firms to do more.

John Carlin, assistant attorney-general for national security, spoke at a hedge fund conference in Las Vegas, urging firms to place more emphasis on cyber risks and information sharing.

While the largest Tier 1 banks are fully aware of the risks, Mr Carlin told the Financial Times that hedge funds are falling behind.

“Hedge funds hold a tremendous amount of capital, incredibly sensitive proprietary information, and valuable algorithms, but they are small shops and they often have very weak IT,” he told the newspaper.

Speaking at the SALT fund conference, he explained how nation states and high level terrorist groups are targeting hedge funds. According to Mr Carlin, it’s vital that government agencies and private firms work together more on this.

Earlier this year the Securities and Exchange Commission (SEC) investigated more than 100 broker dealers and investment advisers to assess their preparedness for cyber security risks.

The investigation looked at how these firms identify cybersecurity risks; establish cybersecurity policies, procedures, and oversight processes; protect their networks and information; detect unauthorised activity; and how they identify and address risks associated with remote access to client information, funds transfer requests, and third-party vendors.

“Cybersecurity threats know no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC,” said SEC chair Mary Jo White.

The SEC publication, a Risk Alert from the SEC’s Office of Compliance Inspections and Examinations (OCIE), contains observations based on these examinations.