Cyber Security Tiers for Asset Managers

A Layered Approach to Cybersecurity: eBook

When it comes to protecting your investment firm from serious cybersecurity threats, it's safe to say that less is definitely not more. In fact, it takes a pretty heavy arsenal of security measures to combat the ever-growing threats targeting your firm from both the inside and the outside.

But it may not be realistic for your firm to employ every cybersecurity technology/tool and develop and maintain a host of security policies - at least not from day one.

This eBook is designed to help you assess some of the cybersecurity protections that should be on your list. You’ll notice we’ve divided them by tiers, because, well, you’ll need to decide how much of your time, budget and resources are spent protecting your firm’s assets.

  • Tier 0: This is the 'must-have' list. There is no getting around these security measures.
  • Tier 1: This tier incorporates a few enhanced features as well as a strong contingency of policies to support your cybersecurity program. Plus- and here's the big one we keep talking about - employee security awareness training. Tier 1 is typically where most investment management firms fall today.
  • Tier 2: This can be considered an "advanced" tier, with the incorporation of progressive tools such as intrusion detection/prevention systems and next-generation firewalls. But this is quickly becoming the norm for mid-to-large asset managers, particularly as a means to demonstrate preparedness to institutional investors.