Striving to build state-of-the-art cyber-defences is all well and good. But all is for naught if a manager cannot demonstrate the quality of those systems, procedures and practices to an increasingly savvy investor community and band of regulators. Investor due diligence questionnaires and regulatory exams are evolving with the times. In this final section, the report seeks to identify the areas of interest for third parties and the ways managers can prepare for their assessments.
After considering the different threats and where they come from, we will now assess the measures managers are taking to protect themselves. Best practice should include penetration tests by a third party, vulnerability suites or managed detection and response (MDR) systems, as well as traditional security measures. Staff education is also an area where those firms ahead of the curve excel, not only by administering tests, but by simulating attacks. After all, being prepared means being protected.
From malware and phishing to credential reuse and DDoS, the types of cyber threat a hedge fund firm faces come in a rich variety of forms and pose a similarly wide range of risks. Knowing your enemy has rarely been so difficult. Not all cyber-attacks are created equal and not all hedge fund firms are equally affected. In this first section, we explore the types of cyber threat having the biggest impact on hedge fund managers – the first step to building a suitable defence.