Cybersecurity: A Sound Investment in Your Firm’s Future
By Ian Bowell, Head of Information Security – EMEA
Cybersecurity is now in the direct line of sight for executive management and boards in the alternative asset industry. C-level executives have the power to act and ensure the investment in their IT strategy. An effective cybersecurity program can protect infrastructure against severe threats and eliminate potential reputational damage caused by bad actors.
A company board is charged with guiding and challenging the company’s senior leaders. The board is in the right position to focus on opportunities in long-term, versatile cybersecurity planning. A short-sighted, narrow plan of action should be challenged in this ever-changing landscape.
Board members have a strategic role to play in guiding opportunities for expansion and change in response to threats as well as challenging long-held assumptions.
Relevant questions are:
- How are we responding right now to the threats affecting our industry?
- Where does the leadership team see the business in 2025?
- What can we do to move toward that vision?
However, it’s not so simple or complete. It’s a great step forward when top-level leadership is paying attention. There is still a lot to be done to quantify or address the risks in cybersecurity as well as demonstrate how an IT-based strategy can generate positive business outcomes. The investment is needed to raise the bar, and the wall, against the growing flow of vulnerabilities and opportunistic, well-planned hacking. Insider threat and exfiltration of data are other areas of concern with different indicators and protection tactics.
It’s great to recognize and identify the risk, but what should be done about it? What will happen if the board doesn’t act to fully eliminate or mitigate so many risks out there? There are two main approaches to evaluating cybersecurity requirements: maturity-based and risk-based and both are needed to function optimally.
Maturity-based approaches are great for a quick check across a very wide range of technical, and let’s not forget about physical, security challenges. Risk-based approaches are great for targeting specific prioritized areas, such as staff training, but one is not sufficient without the other.
Read more: Cybersecurity for a distributed workforce.
The maturity-based approach is necessary to cover all the ground and the risk-based approach can help prioritize the weakest areas, but both are needed to ensure a complete process. The maturity approach is useful when starting from scratch, or when facing a new environment, in need of assessment or update. The maturity approach also helps to feed the risk-based approach and roll up assessments across a company, enterprise, or organization with many entities, especially those recently acquired.
Often, a recent acquisition or series of acquisitions brings into focus the nature of cybersecurity as an investment risk, especially in the governance of ESG investors. Here at Thrive Technology Group, we are partnering with our clients to help assess their cybersecurity risk and maturity ultimately leading to a positive impact on their investment portfolio. Any firm in the alternative asset industry not sufficiently secure, and exploited by a cybersecurity attack, sees a significant market hit on the value of their company in the public and private markets. Thanks to mean reversion, this is also an opportunity for those ready to buy low and, subsequently, sell high, if the risk has been evaluated correctly.
Cybersecurity maturity changes over time, ideally improving from strategic planning by executive leadership and company boards. The benefit of a cybersecurity training program or intrusion detection investment can jumpstart the path to a more secure future. Thrive Technology Group is ready to take that first step with you in cybersecurity and be by your side for the journey.
Contact us to learn how you can succeed with Thrive.