Bad Cyber Security = Bad Business for Financial Firms

At hedge funds, there’s been an all-too-common assumption that only larger financial institutions really need to worry about cyber security. As small businesses holding fewer assets than the big banks, funds often think of themselves as too small to be a target. “As long as we’re out of the spotlight,” the thinking goes “the bad guys just won’t see us.”

Unfortunately for funds taking their chances with cybercriminals, this way of thinking isn’t just dead wrong, it’s also highly dangerous. And when you consider the factors at play, it’s not hard to understand why. Aside from financial data, hedge funds are storing large amounts of personally identifiable information, which can fetch a high price on the black market.

In a hacker’s mind, when a mass of valuable data is sitting with a small company — one that’s unlikely to have the security resources of the larger firms — that is an easy score. So small hedge fund are often higher than the major banks on a cybercriminal’s list of targets.

Now, you may still be wondering: Does the potential loss from a data breach really justify an investment in better cyber security? But when you consider what’s really at stake, there shouldn’t be much to question. When client data is compromised because of sub par security, the impact on clients’ trust and the effort required to recover the business can be devastating.

Annual reports from the Ponemon Institute, which place the cost of a data breach at around $200 per record, don’t include the costs of reputation recovery and lost business in that estimate. However, according to reports from Ponemon and Symantec, financial firms can expect abnormal churn rates, greater than 5 percent, following a breach.

To keep that churn from climbing even higher, companies need to take swift and costly remediation actions to safeguard against further breaches. For example, following a mega breach involving 83 million client records, JP Morgan Chase pledged to double its security spend over the next year, increasing the price tag to $500 million.

In reality, hedge funds are facing the risk of lost business even without a data breach. As the SEC and other regulatory bodies become increasingly concerned about the state of cyber security, the agencies are warning investors about their risks. A less-than-stellar showing in cyber defense and a lack of compliance with security standards could already be driving wary prospects away from your fund.

If your hedge fund is behind the curve with its cyber security, the time to act is now. Gotham Security specializes in enhancing the security posture of financial firms, and we can help you meet and surpass the regulatory standards for an affordable defense program that actually works. For more information, contact us at or 917-734-4120.