Critical Cyber Controls | Chief Investment Officer

Art by Cinta Fosch

With risks everywhere, responsibility for cybersecurity needs to be shared across asset owners and the companies in which they invest.

In a September presentation to an asset and wealth managers event sponsored by the Alternative Investment Management Association, WTW offered an assessment of the cyber threat landscape facing the industry, where gaps and exposures may exist, and the following cyber controls asset managers and asset owners should consider.

Multi-Factor Authentication	Additional security ‘layer’ Hackers love single-factor Widespread deployment
Segregation / Segmentation	Reducing ‘blast’ radius Supports response and recovery Physical & logical segregation
Data Security	Encryption at-rest and in-transit Data classification strategy Data breach response plans
Incident Response & Business Continuity	Assume breach philosophy Tried and tested > response efficacy Cyber crisis management
Privileged Access Management	‘Keys to the Castle’ Limit number of privileged users Wider access control management
Backup Strategy	Resumption of business operations Multiple formats / locations Restoration testing a must
Security Testing	Internal- / External- facing systems Structured program Use software development lifecycle principles
End of Life / Unsupported	Enhanced monitoring Segregation of environments Strategy for decommission
Endpoint Security	Endpoint Detection & Response Monitoring Remove administrator privileges
Email Security	Email filtering & data loss prevention Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication Reporting & Conformance a minimum Awareness training is crucial!
Patching & Updates	Critical patching process / timeline Formal change management plan
People Security	Multi-format training strategy Phishing simulation Assessment of cyber culture

Source: WTW

Related Stories:

How Private Equity Firms Can Protect ‘Treasure Trove’ From Digital Threats

Cybersecurity Investing Must Navigate Growth Slowdown

For more stories like this, sign up for the CIO Alert newsletter. 

Tags: Cybersecurity, Cybersecurity Risk Management, Special Coverage: Cybersecurity, WTW

Treasury bonds are seldom very volatile, but their fluctuation since the Federal Reserve began boosting interest rates last year has been remarkable, outdoing even that of the S&P 500.

The volatility of exchange-traded funds tracking long-term (20-year maturities and above) Treasury bonds and the benchmark equity index was wilder last year, when the Fed began its tightening, but for the Treasurys, it remains lofty.

According to a study by research firm Bespoke Investment Group, the iShares 20+ U.S. Treasury ETF, tracked over 200-day trading periods, still clocks moves of around 1% daily. That’s not the case for the stock ETF, the SPDR S&P 500 ETF Trust.

Upshot: Volatility for Treasurys nowadays outpaces that of stocks, Bespoke noted. “While average daily swings in both stocks and bonds have declined this year, volatility has been much slower to subside in the Treasury market than in the stock market,” the firm observed.

For more stories like this, sign up for the CIO Alert newsletter. 

As Bespoke put it, “2022 was a year of extreme volatility for both stocks and bonds, and while things have quieted down a bit this year, volatility in the U.S. Treasury market remains extremely elevated.”

These days, “when Treasurys are swinging up and down (mostly down) 1% on a daily basis, that’s a very volatile environment,” the report stated. Aside from 2022, such energetic swings in Treasurys were brief and last seen during the pandemic’s 2020 onset and the Global Financial Crisis of 2008 and 2009 and its aftermath.

In addition to the Fed’s rate boosts, other possible factors in provoking higher Treasury volatility, which Bespoke didn’t mention, include Washington’s increase in debt issuance to fund higher federal spending, thus adding more bonds to be traded, and the popularity of Treasurys as a refuge investment amid turbulent times globally.