Critical Cyber Controls

What are the key controls and processes for supporting effective cybersecurity in asset management?

Art by Cinta Fosch


With risks everywhere, responsibility for cybersecurity needs to be shared across asset owners and the companies in which they invest.

In a September presentation to an asset and wealth managers event sponsored by the Alternative Investment Management Association, WTW offered an assessment of the cyber threat landscape facing the industry, where gaps and exposures may exist, and the following cyber controls asset managers and asset owners should consider.

Multi-Factor Authentication
  • Additional security ‘layer’
  • Hackers love single-factor
  • Widespread deployment
Segregation / Segmentation
  • Reducing ‘blast’ radius
  • Supports response and recovery
  • Physical & logical segregation
Data Security
  • Encryption at-rest and in-transit
  • Data classification strategy
  • Data breach response plans
Incident Response & Business Continuity
  • Assume breach philosophy
  • Tried and tested > response efficacy
  • Cyber crisis management
Privileged Access Management
  • ‘Keys to the Castle’
  • Limit number of privileged users
  • Wider access control management
Backup Strategy
  • Resumption of business operations
  • Multiple formats / locations
  • Restoration testing a must
Security Testing
  • Internal- / External- facing systems
  • Structured program
  • Use software development lifecycle principles
End of Life / Unsupported
  • Enhanced monitoring
  • Segregation of environments
  • Strategy for decommission
Endpoint Security
  • Endpoint Detection & Response
  • Monitoring
  • Remove administrator privileges
Email Security
  • Email filtering & data loss prevention
  • Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication Reporting & Conformance a minimum
  • Awareness training is crucial!
Patching & Updates
  • Critical patching process / timeline
  • Formal change management plan
People Security
  • Multi-format training strategy
  • Phishing simulation
  • Assessment of cyber culture

Source: WTW

Related Stories:

How Private Equity Firms Can Protect ‘Treasure Trove’ From Digital Threats

Cybersecurity Investing Must Navigate Growth Slowdown

For more stories like this, sign up for the CIO Alert newsletter.

Tags: , , ,

Volatility: Treasury Bonds Fluctuating Even More Than Stocks

The price swings on government paper these days are ‘extremely elevated,’ according to the Bespoke Investment Group.

Treasury bonds are seldom very volatile, but their fluctuation since the Federal Reserve began boosting interest rates last year has been remarkable, outdoing even that of the S&P 500.

The volatility of exchange-traded funds tracking long-term (20-year maturities and above) Treasury bonds and the benchmark equity index was wilder last year, when the Fed began its tightening, but for the Treasurys, it  remains lofty.

According to a study by research firm Bespoke Investment Group, the iShares 20+ U.S. Treasury ETF, tracked over 200-day trading periods, still clocks moves of around 1% daily. That’s not the case for the stock ETF, the SPDR S&P 500 ETF Trust.

Upshot: Volatility for Treasurys nowadays outpaces that of stocks, Bespoke noted. “While average daily swings in both stocks and bonds have declined this year, volatility has been much slower to subside in the Treasury market than in the stock market,” the firm observed.

Never miss a story — sign up for CIO newsletters to stay up-to-date on the latest institutional investment industry news.

As Bespoke put it, “2022 was a year of extreme volatility for both stocks and bonds, and while things have quieted down a bit this year, volatility in the U.S. Treasury market remains extremely elevated.”

These days, “when Treasurys are swinging up and down (mostly down) 1% on a daily basis, that’s a very volatile environment,” the report stated. Aside from 2022, such energetic swings in Treasurys were brief and last seen during the pandemic’s 2020 onset and the Global Financial Crisis of 2008 and 2009 and its aftermath.  

In addition to the Fed’s rate boosts, other possible factors in provoking higher Treasury volatility, which Bespoke didn’t mention, include Washington’s increase in debt issuance to fund higher federal spending, thus adding more bonds to be traded, and the popularity of Treasurys as a refuge investment amid turbulent times globally.

Related Stories:

Volatility Has Little Effect on Public Pension Funded Levels in March

Look Out: Treasury Volatility May Not Be Over

Real Estate Remains a Haven Asset Class Amidst Market Volatility 

Tags: , , , , , , , , ,

«