Publications
Tips for Fund Managers Responding to Cyberattacks
December 2021
In 2021, private fund managers faced a persistent wave of cyberattacks with potential to inflict devastating harm. In a ransomware attack—the fastest-growing type of cyberattack—perpetrators threaten to take action that would result in a wholesale inability to access critical systems if the ransom is not paid.
Cyberattacks continue to grow in frequency and scope, as new reports claim that the group responsible for the SolarWinds attack targeted more than 600 organizations with nearly 23,000 attacks in its latest campaign.
The Securities and Exchange Commission has been increasingly aggressive in enforcing requirements for managers to maintain reasonable cybersecurity policies.
While many fund managers have stepped up their cybersecurity programs, cybercriminals continue to develop new ways to circumvent security measures. As fiduciaries that hold sensitive financial information, fund managers should be periodically evaluating and testing their preparedness for a cyber event.
The foundation of an effective cybersecurity breach response is the development and maintenance of an incident response plan. An IRP can be included as part of, or attached to, the firm's information security policy. By establishing policies and identifying resources for responding to a cyberattack before it happens, an IRP frees up resources to focus on assessing the nature of the specific attack at hand and taking measures to remediate and contain it.
Related People
Attachments
Related Insights
Alerts
The US Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) have overhauled Form PF and private fund managers have until March 12, 2025, to begin reporting on the new Form. The changes to the reporting requirements mandated by the amendments to the Form (“Form PF Amendments”) will require substantial preparation by many managers.[1]
Alerts
On March 1, 2024, New York Governor Kathy Hochul signed into law an amended version of the New York LLC Transparency Act (“NYLTA”),[1] requiring certain limited liability companies (“LLCs”) formed or authorized to do business in New York (each, a “NY Reporting Company”) to file a beneficial ownership information (“BOI”) report with the NY Department of State (“NY DOS”). Each NY Reporting Company will be required to disclose on its BOI report identifying information pertaining to each individual who directly or indirectly exercises substantial control or owns or controls 25 percent or more of the ownership interests of a NY Reporting Company (each, a “Beneficial Owner”) and the individuals involved in the NY Reporting Company’s formation or registration to do business in New York (each, an “Applicant”). Information reported to NY DOS will be maintained in a private database not accessible to the public. The NYLTA goes into effect on Jan. 1, 2026 and requires the NY DOS to promulgate regulations implementing the legislation.
Alerts
The US Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) have overhauled Form PF and private fund managers have until March 12, 2025, to begin reporting on the new Form. The changes to the reporting requirements mandated by the amendments to the Form (“Form PF Amendments”) will require substantial preparation by many managers.[1]
Alerts
On March 1, 2024, New York Governor Kathy Hochul signed into law an amended version of the New York LLC Transparency Act (“NYLTA”),[1] requiring certain limited liability companies (“LLCs”) formed or authorized to do business in New York (each, a “NY Reporting Company”) to file a beneficial ownership information (“BOI”) report with the NY Department of State (“NY DOS”). Each NY Reporting Company will be required to disclose on its BOI report identifying information pertaining to each individual who directly or indirectly exercises substantial control or owns or controls 25 percent or more of the ownership interests of a NY Reporting Company (each, a “Beneficial Owner”) and the individuals involved in the NY Reporting Company’s formation or registration to do business in New York (each, an “Applicant”). Information reported to NY DOS will be maintained in a private database not accessible to the public. The NYLTA goes into effect on Jan. 1, 2026 and requires the NY DOS to promulgate regulations implementing the legislation.
Alerts
The US Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) have overhauled Form PF and private fund managers have until March 12, 2025, to begin reporting on the new Form. The changes to the reporting requirements mandated by the amendments to the Form (“Form PF Amendments”) will require substantial preparation by many managers.[1]