According to Digital Journal, hedge funds – the high-profile investment firms – are the latest industry to recognize their cyber exposure and could be a great source of new clients for IT contractors.
Why are investment firms getting spooked about data security now? For starters, the onslaught of data breaches in the first half of this year has made many companies rethink their network security. As Target's sales numbers plummeted (see: "Data Breach Hangover: Target's Profits down 12%"), companies began to see that data security was about more than just privacy – it could have a real effect on their bottom lines.
The second reason for their concern is that the Securities and Exchange Commission (SEC) issued a cyber risk alert for investment firms. Let's take a look at what the SEC recommends for hedge funds and how IT companies can help them meet their new data security guidelines.
SEC to Investment Firms: Get Real about Data Security
In the cyber risk alert issued by the SEC, the regulatory agency outlined what firms will have to do if involved in any cyber security investigation. Firms must provide extensive documentation of their data security procedures, which means they need to have those procedures in place now.
In an investigation, firms will have to…
- Provide inventories of their physical technology.
- Review their software and data security technology.
- Map data flow, networks, and customer data storage.
- Prioritize hardware and software purchases for data security.
- Provide a copy of the firm's information security plan.
- Document past risk assessments.
- Provide names and responsibilities of managers who work on the firm's data security.
These actions are just a small sample of the efforts firms must make if the SEC has questions about their data security (you can read the full list in the link above).
With the SEC ramping up its demands for investment firms, many businesses are concerned about meeting these expectations. It's becoming more important for them to have their ducks in a row, establish a cyber security plan, and document all the data security procedures they have in place.
That's good news for IT consultants, as many hedge funds and other investment managers may look to hire IT security consultants to guide them through their data security overhaul and perform security audits.
How to Get New Business with Clients in the Financial Industry
There's a lot of money in the financial services industry, so working with investment firms can be a great way to get new clients with money to spend on major security upgrades. However, there are a few things you want to keep in mind when working with this industry:
- Know the industry and its regulations. If investment firms come to you looking for a security consultant, it’s smart to spend some time reviewing the SEC's data security recommendations. Clients always want to work with someone who knows their industry, but this is especially true for the intense Wolf-of-Wall-Street types that can dominate the investment industries.
- Be able to give some high-profile examples. The Wire reports on hackers targeting one big-name hedge fund, stealing its data, and installing malware to halt its trading. Authorities never released the name of this firm, but an example like this shows how cyber criminals can not only steal a firm's data, but also cripple its operations.
- Answer clients’ questions about their insurance and financial risk management. It only makes sense that a financial investment firm will want to know how they can hedge their data breach risks. Cyber Liability Insurance is a policy that the SEC recommends investment firms have to insure against a data breach. General Liability Insurance doesn’t cover the cost of a data breach, so if your clients have questions about their risk coverage, make sure they know which policy actually covers their data risks. (For more on how to talk with clients about insuring their risks, see "Study: You Can Probably Talk Your Clients into Buying Cyber Liability Insurance.")
- Don't forget your own IT risk. Working for clients with a lot of financial data means you are exposed to a lot of data risk. If any of the software, hardware, or other services you use causes a data breach, you can be sued for damages. When clients are managing six- or seven-figure portfolios, a lawsuit can get expensive in a hurry. Imagine your liability if a firm can't make any trades for a week after a DDoS attack. You could be sued for hundreds of thousands of dollars in lost revenue and damages to the firm's reputation.
E&O Insurance protects you from the cost of a data security lawsuit or lawsuits about problems with your IT solutions. Whether your IT solutions involve the cloud, hardware, software, or some combination, E&O can cover your IT liability.