Cybersecurity: What private equity firms need to know

Here are three essential takeaways from our roundtable on cybercrime, where we gathered two GPs and three cybersecurity experts to give us their take.

It’s “the biggest threat to the financial system,” according to the Securities and Exchange Commission’s Mary Jo White. And that includes the private funds industry, which has just seen two high-profile cases that should serve as a warning.

Fund administrator SS&C Technologies is being sued by hedge fund client Tillage Commodities to the tune of $10 million. Tillage alleges that SS&C was grossly negligent when it wired a total of $5.9 million from the fund’s account to impostors who sent the fund administrator fraudulent emails. SS&C says the suit has no merit, since the thieves purported to be from Tillage and presented valid credentials.

Then there’s the bizarre story of Sienna Ventures, a fake venture capital firm that snared executives by claiming it wanted to hire them to lead a portfolio company it was buying in partnership with either Blackstone or The Carlyle Group. Candidates were asked to digitally sign a non-disclosure agreement, and then pay between $99 and $129 to convert their resumes into a format readable by a recruiter’s software. After victims paid the fee, they were told the job no longer existed.

Not only are there high-profile cases close to home, but the SEC is saying it will take the issue more seriously. We gathered two GPs and three cybersecurity experts to give us their thoughts – and here are their key points.

Ransomware is rampant

Cyber attacks on private equity firms increasingly take the form of ransomware, which involves hijacking and encrypting data from a firm and then asking it to pay a ransom for the information’s return.

How are hackers able to grab the ransom and disappear in an instant? The answer is bitcoin, one cybersecurity expert says. GPs might want to consider building a bitcoin account in advance, so that the currency is available if an attack occurs.

LPs expect their GPs to be prepared…

Limited partners are starting to ask questions about cybersecurity in their due diligence. These questions typically focus on a firm's IT infrastructure, and range from the third-party vendor used to whether the firm carries out internal cyber audits.

“Last year, there were certainly some questions about cybersecurity-related items, but even more this year,” said one GP. “I think it's more in-depth.”

…but few firms ready themselves for cyber attacks

Preparing for a cyber attack is rarely a priority for firms busy fundraising or investing.

“People are just starting to get exhausted with [cybersecurity],” said the expert.

Meanwhile, ransoms are getting larger, and insurance companies, which have to pay out more money to cover losses from ransoming, have started raising their prices.

Look out for the full version of this roundtable in our November edition.