
NAVIGATING CYBERSECURITY: A BALANCING ACT BETWEEN I.T. AND REGULATIONS

Cyber security

Dublin / New York, Feb 7, 2024

As fund complexity and regulatory burdens grow, technology is playing an increasingly critical role. This has brought about an ever-increasing risk in the form of cyberattacks. These attacks can be catastrophic for fund managers whose systems have become increasingly integrated and whose data flows to and from multiple sources.

Additionally, as we harness the power of advanced technologies, including AI, it's essential to recognize the double-edged sword they present. While AI offers significant benefits in automating and enhancing cybersecurity defences, its unregulated use can introduce new vulnerabilities and complexities. The impending regulation in this area underscores the importance of maintaining a delicate balance between leveraging AI's potential and safeguarding against its risks.

In no uncertain terms, cybersecurity has ascended to a prominent position on the regulatory agenda. In an environment where fund managers are bound by stringent regulations to protect sensitive financial information, non-compliance is not an option. Mandatory legal requirements like the General Data Protection Regulation (GDPR) necessitate stringent cybersecurity measures. Failure to meet the GDPR’s requirements can result in penalties of up to €20 million or 4% of global revenue. Moreover, the European Union is intensifying its regulatory requirements with the introduction of the Digital Operational Resilience Act (DORA). In force since January 2023, DORA aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other digital risks. The DORA rules will become fully applicable from 17 January 2025.

The era where cybersecurity was solely the domain of IT departments has ended. Today, effective cyber risk management involves informed decision-making at every organizational level. In fact, cybersecurity should be on every board agenda.

Here are five key strategies to ensure comprehensive and effective cybersecurity management in an evolving digital landscape:

  1. Risk Assessment Process:
    Regular assessments and strategy development are essential for defending against evolving cyber threats. This is a hot topic for the Central Bank of Ireland, the SEC, and the FCA, with all of them recommending that firms should conduct periodic assessments of their systems and create a strategy that is designed to prevent, detect and respond to cyber security threats. The threat of cyberattack is continuously evolving, especially with the advent of AI. New threats arise as weak points are closed. It’s about understanding the nature of the threat, so that processes and procedures are put in place to protect funds on a continuing basis.
  2. Data Governance Policy:
    Governance plays a vital role in realising the security objectives of the organization, both for its current and future needs. To proactively manage cyber threats, a sound control environment needs to be established to ensure proper management of data, ensuring that it remains accurate and accessible whilst being protected. This includes assessing the firm’s strengths and weaknesses and prioritising enhancements. The ongoing development of the control environment needs to take into account that the underlying risk is ever changing and the rules governing data will also have to change as part of the risk management process.
  3. Continual Implementation:
    A firm’s cyber security plan must have robust policies and procedures in place through every level of its business. It should be reviewed regularly and tailored to suit the firm’s needs. Areas such as system maintenance, user access, business continuity and employee training need to be addressed. For example, far too many security breaches take place due to simple employee errors. As the saying goes, “a chain is only as strong as its weakest link”. The same is true for every cyber security policy. Attackers will always look for the easiest point of entry and those points will change as a business grows. The key to the effective implementation of a cyber security plan is vigilance. The process is never complete.
  4. Understanding the Evolving Cybersecurity Threats:
    The cybersecurity landscape is dynamic, with new threats emerging continually, enhanced with AI. It’s vital to keep abreast of the latest tactics used by cybercriminals, understand potential weaknesses that can be exploited and stay informed about effective defence mechanisms. This requires a commitment to continuous learning and adaptation.
  5. Quick Detection, Response, and Regular Back-ups:
    The speed of detecting and responding to a cyber breach is paramount in mitigating damage. Implementing systems for rapid detection and establishing a robust response plan are essential. Concurrently, regular backups of critical data form a vital line of defence against data loss from cyberattacks, particularly ransomware. By ensuring that backups are consistently up-to-date, organizations can not only minimize damage but also accelerate the recovery process. This dual strategy of quick response and regular data backups is crucial for maintaining a resilient cybersecurity posture.

Karen Malone, Global Head of Product at Waystone Administration Solutions, comments, "Waystone Administration Solutions takes cyber security extremely seriously and manages cyber risk continuously and proactively. We understand what is at stake and are constantly making improvements to our protocols and procedures. This is not just an IT requirement; it's also a regulatory imperative. We ensure that our systems are fully compliant with the latest cybersecurity regulations, recognizing that adherence to these standards is just as crucial as our technological defences."

Karen adds, "Cybersecurity continues to be a top priority in the industry, and as we move into 2024, the emergence of new threats is inevitable. The need for heightened vigilance has never been more critical. At Waystone Administration Solutions, we are committed to closely observing the evolving cyber landscape, ensuring the timely identification and effective mitigation of any emerging risks or vulnerabilities."
