On January 21, the Hedge Fund Standards Board (HFSB) released the results of its first cyber-attack simulation (via a press release dated January 19).
The HFSB is responsible for the Hedge Fund Standards, which set out standards of transparency, integrity and good governance for the hedge fund industry. The HFSB engages with EU and UK regulators on a number of areas, including the EU Alternative Investment Fund Managers Directive, financial stability and short selling, among others. The HFSB also maintains a “Toolbox,” which provides further guidance to firms on themes covered by the Hedge Fund Standards. In September 2015, the HFSB published and added a Cyber Security Memo to the Toolbox, which contains practical guidance to help firms build risk management tools, identify “key digital assets” and develop response plans in the event of a cyber-attack.
The cyber-attack simulation was designed to test the responses of fund managers in respect of three scenarios: data theft and leakage of internal sensitive data, financial infrastructure attacks and incidents involving “crypto ransomware.” One of the key findings of the HFSB was that firms must prepare in advance for cyber-attacks and implement a clear incident response plan to establish roles and responsibilities within the firm should an incident occur. A further key finding was that managers must be able to recognise when certain cyber-attack incidents require “external legal and IT expertise” and seek such assistance accordingly.
Cybersecurity remains on the radar for UK and EU regulators. In the Corporate & Financial Weekly Digest edition of December 11, 2015, we discussed the European Commission’s announcement that the European Parliament, Council and Commission had reached an agreement on the wording of a new EU Cybersecurity Directive. The Directive was expected to be published in December 2015; however, it has yet to be released.
A copy of the HFSB’s press release can be found here.
A copy of the Cyber Security Memo can be found here.