In today’s rapidly evolving digital landscape, cybersecurity readiness is not just a best practice but a critical necessity. Despite experiencing multiple cyberattacks over recent years, many organizations remain alarmingly unprepared, particularly within the financial sector. The maturity of an organization’s cyber readiness can significantly influence the outcome of an attack. While deploying multiple cybersecurity solutions may seem prudent, overreliance on numerous, often inappropriate tools can foster a dangerous overconfidence. Arootah Advisor Steve Hart helps us understand why a comprehensive and cohesive cybersecurity strategy is imperative for family offices and other financial services firms to effectively address the most pertinent gaps and risks.
Get the latest news and leadership insights for alternative investment industry and family office professionals. Sign up for The Capital Return newsletter today.
By providing your email address, you agree to receive email communication from ArootahThe Dangers of Overconfidence in Cybersecurity Measures
By way of example, the inability of a firm to identify where the source of a cybersecurity attack originates can make it materially challenging to combat an “enemy” without an identity or physical location. Modern cyber-attackers are predatory and patient. Hackers often install complicated malware that allows them to monitor family offices and other Registered Investment Advisers for months, waiting for the perfect time to strike. Most often, the leading troublesome aspect of data breaches and cybersecurity measures is that what may be adequate one day may become obsolete the next. Cybersecurity defense systems must evolve to keep pace in response to these daunting developments. The latest newer systems can now successfully identify hackers and target threats that may have only recently gone unnoticed until it was too late. According to Cisco’s 2024 Cybersecurity Readiness Index, most financial services organizations currently are not prepared sufficiently, with the majority of organizations experiencing cyberattacks where:
- 52% have experienced a cybersecurity incident in the past year
- 69% believe they likely will experience a cybersecurity incident in the next 12 to 24 months
- 80% of companies feel “moderately to very confident” in their ability to stay resilient against cyber-attacks; organizations appear to think they have everything under control
Yet 46% have ten or more unfilled cybersecurity roles, and 80% admit their use of multiple-point solutions is slowing down their ability to detect, respond to, and recover from incidents. When measured against Cisco’s cyber readiness maturity model, organizations come up lacking. Only 12% of family offices and Registered Investment Advisers (collectively, “FOs / RIA’s”) are considered appropriately equipped to combat the majority of applicable cybersecurity attacks that could exploit an existing vulnerability at any moment, with the vast majority of FOs / RIA’s either just starting or have some level of deployment but are performing below average on cybersecurity readiness across a range of areas. In short, most FOs / RIAs are not ready.
The Economic Impact of Cybersecurity Failures
Awareness and concern for data breaches, now more than ever, must motivate companies to take action. Family offices need more substantial incentives to implement more effective security measures. FOs / RIAs often fail to invest in the appropriate cybersecurity solutions because it may be viewed as discretionary spending instead of a business imperative. Senior management must begin to treat cybersecurity as it would any other risk management requirement. Indeed, a company may be thwarting its economic growth by not preparing for an inevitable cyberattack, as most clients will avoid doing business with FOs / RIA’s that fail to protect their cyberinformation and for cause. Unfortunately, the adverse economic effects of data breaches have not yet motivated the majority of FOs / RIAs to prioritize cybersecurity measures within their corporate governance.
The readiness measurements in Cisco’s 2024 Cybersecurity Readiness Index focus on identity, endpoints, network, cloud, and artificial intelligence. Yet despite 57% of organizations having experienced attacks, this report does not mention the user as a cyber readiness factor. For an organization to be genuinely “cyber-ready,” its users must also be prepared to utilize continual security awareness training to prevent attacks that bypass security controls.
The Bottom Line
Senior management needs to shift their mindset, viewing cybersecurity as a pivotal aspect of risk management rather than discretionary spending. Effective cybersecurity measures are protective and essential for sustainable economic growth and client trust. The adverse effects of data breaches highlight the need for robust cybersecurity investments as a core component of corporate governance. Arootah and its network of Advisors can empower workforces to make smarter daily cybersecurity decisions, strengthening cybersecurity by reducing human risk. Take the first step and sign up for a discovery call to learn how Arootah’s Hedge Fund Advisory can support you.
Get the latest news and leadership insights for alternative investment industry and family office professionals. Sign up for The Capital Return newsletter today.
By providing your email address, you agree to receive email communication from ArootahSources:
1. Tod Newcombe, The Nation’s Evolving Cyber-Security Issue: Are States Shoring up Their Defenses Enough to Protect Critical Data and Computer Infrastructure 258, 261 (2010).
2. Brad Lunn, Strengthened Director Duties of Care for Cybersecurity Oversight: Evolving Expectations of Existing Legal Doctrine, 4 J.L. & CYBER WARFARE 109, 131 (2014).