Focus on Funds

Fund Industry’s Cybersecurity Efforts Continue to Expand

With the help of ICI, the fund industry is creating new, global networks in the fight against cyberattacks. In the December 15, 2017, edition of Focus on Funds, Peter Salmon, ICI senior director for operations and technology, outlines the latest efforts. 

Transcript

Stephanie Ortbals-Tibbs, media relations director, ICI: Cybersecurity is an issue that only continues to grow in importance for the industry. And that means ICI is working globally on behalf of its members, to ensure that they have the resources that they need to support their efforts. At ICI’s recent Cybersecurity Forum, Peter Salmon gave me an update on our work.

Peter Salmon, senior director of operations and technology, ICI: We continue to meet with our chief information security officers here on a periodic basis, but we’ve expanded that model in London and in Tokyo. And together, working with other trade associations, we’ve gotten together with investment management companies and their security professionals, [to] impress upon them the importance of creating a network—a community of peers that is trusted where they can come together and share information, especially in Asia, Japan, and Australia. Those are relatively new areas for us informing these groups. There seems to be receptivity to that and [to] forming connections with law enforcement, not only within the investment management community.

Ortbals-Tibbs: And in major operational centers, like either a Luxembourg or an Ireland, you’ve been engaged more there as well.

Salmon: We had a very big event in Ireland, together with the Irish Funds Association. A couple of hundred professionals showed up and listened to a panel of local law enforcement, FBI, and ourselves, and a consultant, talk about the security concerns that they should be paying attention to.

I think what comes out of it is a heightened awareness to the threat that everyone is facing. We’re all in this together as well—this is a neighborhood problem, it’s not an individual firm issue. We’re much stronger together as a group confronting this, sharing information, and approaching this with solidarity.

Ortbals-Tibbs: Then I guess you could maybe almost call this the “neighborhood watch report.” You also have a survey that you do around this time of year with the members. Tell us where that activity stands.

Salmon: This is the third year that we’ve done a very comprehensive cybersecurity-benchmarking survey. We do one in the United States and then we do one through an affiliate group of IOSCO globally—so, outside of the United States.

It’s over 100 questions long. It covers all sorts of different aspects of an information security program. It has developed into a very valuable tool for these firms to use when having conversations internally—between compliance, and risk, and IT—but also with the boards, to demonstrate where their firm’s program is and how their practices line up with industry practice.

Ortbals-Tibbs: Tell me about, from today’s conference, some of the things you heard that you think are the most significant for the industry to think about and keep an eye on.

Salmon: I think there’s a lot. One is cloud computing, which is a wave that’s pretty much already here, but it continues to build and take over how our firms look at where they put their infrastructure, where they put their services, and what platforms they use.

Data-loss prevention was another panel. Obviously, there’s big concern about exfiltration of data and the steps to take to manage that. And creating a security environment within a firm—a trusted but monitored environment.

Unfortunately, I suppose, [cybersecurity] is an area that continues to evolve and get more complex as technology gets more complex, so we’re going to continue to have numerable areas that we can discuss and share information with, as you said, nontechnical individuals, and give them concrete pieces of information that they can bring back to their shop and explore further. 

Additional Resources

• ICI Information Security Resource Center
• ICI Viewpoints Series: Cybersecurity at Work
• Focus on Funds: How Should Fund Boards Engage in Cybersecurity?
• Focus on Funds: ICI Brings New Cybersecurity Offerings to the Fund Industry
• Other ICI Information Security Resources