By Paul Ponzeka, Chief Technology Officer at Abacus Group
As alternative investment firms continue their ongoing digital transformation, several cybersecurity trends will be prominent in the coming year. Enhanced regulatory requirements around data security, privacy and compliance will demand organizations continue to strive for a more robust cybersecurity stance.
With increasingly stringent guidelines expected from bodies like the Securities and Exchange Commission (SEC) covering areas like infrastructure security, record-keeping for digital communications and general cybersecurity controls, firms will face intensifying pressure to fortify their control frameworks.
In 2024, demonstrating rigorous due diligence, risk assessments, and ongoing monitoring of vendors will be key to meeting heightened expectations. Firms must ensure third parties adhere to the same high security standards applied internally. Contracts should also allocate clear responsibility for responding to and reporting incidents. Firms that fail to meet the increasingly stringent requirements lay themselves open to potential fines and damage to their reputations.
These demands may strain budgets and resources, but alternative investment firms will need to meet them to retain trust with partners, customers, and investors, and avoid penalties from agencies that now prioritize cybersecurity more than ever before. In short, these organizations must proactively strengthen their control frameworks to navigate this period of intensifying oversight.
Securing hybrid work environments will continue to demand attention this year. Since the pandemic, alternative investment firms and their employees have embraced the flexibility and productivity gains of a distributed workforce.
However, this more diffuse attack surface expands the risks that security controls must address. In the coming months, firms will need to ensure remote teams and assets accessed from any location are tightly secured, especially as threats continue evolving in sophistication. Secure access solutions, endpoint protection, identity verification, and monitoring of high-risk user behaviours will be vital. This includes the adoption of a Zero Trust Security framework, which operates on the principle of “never trust, always verify,” regardless of the location of the user, device or network. The adoption of Zero Trust has been dramatic, growing from 24% to 61% in just the last two years with another 35% planning to implement within the next 18 months, according to Okta. Financial services firms had an even higher adoption rate in 2023, at 71%.
Comprehensive security awareness training must also adapt to an environment where sensitive operations increasingly occur beyond the office perimeter. Employees are your firm’s greatest asset but could also be your greatest vulnerability. Malicious actors utilizing social engineering techniques such as phishing can trick employees, wherever they are, into exposing your firm’s sensitive data. An organization that fosters a culture of continuous cybersecurity awareness leaves itself in a more secure position than one that doesn’t.
Going forward, securely enabling hybrid work will require innovative approaches, security awareness training, and diligent oversight to safeguard operations and data.
The world’s biggest trend of 2023 will evolve, but certainly not disappear in 2024. The onward march of AI presents both challenge and opportunity. While alternative investment firms rightly see potential in AI to boost efficiency and competitive advantage, significant barriers remain. The adoption of AI tools will accelerate, but ensuring responsible, compliant use will be difficult without proper skills and governance. Firms understand AI's opportunities, but are uncertain how to integrate new technologies securely or mitigate risks like data misuse. Regulatory compliance challenges are also unclear as AI remains largely unregulated.
However, with the right training and controls, AI could enhance decision-making and operations. Those able to navigate shortages of industry-specific expertise and establish responsible data practices will be best positioned to harness AI's power while avoiding its pitfalls. Careful management of both opportunities and challenges will therefore be paramount.
Investor influence on security standards will also strengthen in 2024. Investors are increasingly aware of cybersecurity's importance, with 71% of global asset managers highlighting it as a key concern during fundraising due diligence. They seek more detailed information, as noted in PwC’s Global Investor Survey 2023, where around half reported having limited or no information on companies' cybersecurity measures. This includes both quantitative and qualitative data, such as the types of technologies used, their purposes, effectiveness, and governance.
This growing concern over cyber risks marks a significant shift in investor attitudes. They are moving beyond basic assurances and demand in-depth, transparent information. This change represents a major shift in the investment landscape, especially in alternative investments, leading to more rigorous security controls and clearer communication strategies.
As alternative investment firms expand their ecosystems of third-party vendors and service providers, robust oversight and management of external risks will be increasingly crucial. With more sensitive data shared externally, investors will demand evidence of strong third-party controls to protect their assets.
The next 12 months will undoubtedly present cybersecurity difficulties for alternative investment firms as regulatory standards tighten, work models disperse, and threats grow more advanced. However, with foresight and strategic planning, these challenges can be transformed into opportunities for growth and resilience.
Firms that proactively bolster their controls to adapt seamlessly to changing rules will gain competitive advantage over laggards. Those that establish secure, productive hybrid infrastructure and build workforce skills will attract top talent. Managing third-party risks diligently and leveraging AI responsibly can enhance services while satisfying growing investor expectations.
For organizations that can rise to the occasion, 2024 offers the chance to cement stronger security cultures, fortify operations, and strengthen stakeholder trust by turning cybersecurity from a source of uncertainty into a driver of operational excellence. With vision and execution of the right strategies, challenges are likely to give way to new opportunities.