DON'T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?




Transcription:

HEALTH WEALTH CAREER
DON'T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
Gregg Sommer, CAIA
Head of Operational Risk Assessments
St. Louis
MERCER 2015

CYBERSECURITY BREACHES
1. Target
2. JPMorgan
3. Code Spaces
4. Sony
5. Pentagon
SEC reported that 74% of advisors and 88% of broker-dealers have had unauthorized access to their network [1]
[1] SEC cybersecurity examination sweep summary, Feb 3, 2015, OCIE Volume IV, Issue 4

HOW BIG IS THE PROBLEM?
270% increase in identified victims and exposed losses [1]
Cyber crime costs the global economy up to $500 billion annually [1]
90% of large organizations reported a breach [2]
122 successful attacks per week [3]
Over the last four years cyber attacks on businesses have increased by 144% and the average time to resolve has increased by 221% [4]
[1] Merrill Lynch CIO Reports
[2] Security Breaches Survey PWC 2015
[3] Ponemon Institute
[4] CYREN Cyber Threat Report, 2015

WHY GLOBAL TREND WILL CONTINUE
1. Role of technology continues to expand
2. Motivation
 - Financial gain
 - Malicious intent
 - Promote beliefs
 - Challenge
 - Risk / Reward analysis

CYBERCRIME INCIDENTS: Banking and Finance
[Bar chart. Categories: financial fraud, denial of service attacks, financial losses, compromised/stolen records, identity thefts, no incidents. Bar values on the slide: 29%, 20%, 20%, 23%, 23%, 36%. Axis: 0% to 40%.]
SOURCE: PWC CYBERCRIME REPORT

POINTS OF ENTRY
[Diagram. Nodes: Organization, Employees, 3rd Party Vendors, Clients. Entry-point labels: mobile devices, business contacts, website & marketing, social media, 3rd party vendors, employees, family/friends, data storage (cloud), network hardware.]

INDUSTRY AND REGULATORY GUIDANCE

NIST CYBERSECURITY FRAMEWORK [1]
Identify
Protect
Detect
Respond
Recover

SEC RISK ALERT [2]
Cybersecurity Governance (Policies, Procedures, and Oversight)
Risk Associated with Remote Customer Access and Fund Transfer Requests
Risks Associated with Vendors and any Third Parties
Detection of Unauthorized Activity
Experiences with Cyber Threats

BEST PRACTICES
GOVERNANCE AND POLICIES
EMPLOYEE TRAINING
TECHNOLOGY
THIRD PARTY ASSESSMENT

[1] NIST website
[2] Morgan Lewis summary of the SEC risk alert, Feb 2015

BEST PRACTICES: GOVERNANCE AND POLICIES
Culture
Senior Management Engagement
Accountable Oversight
Proactive Approach
Processes
Documented Information Security Policy
Cybersecurity and Risk Assessment Test
Cyber Insurance Risk Transfer
Monitor Cash Activity Daily
Third Party / Vendor Due Diligence Policy

BEST PRACTICES: EMPLOYEE TRAINING
Awareness
Passwords
Public Wi-Fi
Local Drives
Email Communication
Scam Preparation
Phishing

BEST PRACTICES: TECHNOLOGY
Security
Network, Physical, Data, Logical
Systems
Malware / Anti-virus
Patching and Updates
Intrusion Prevention System and Testing
Cloud Technology
Backup Process and Testing

BEST PRACTICES: THIRD PARTY ASSESSMENT
Tools
Classify Vendors
Define Assessment Process
SLAs and Contract Management
Monitor Business Relationships
Plan For Vendors Not Meeting Requirements
Independent Assessments (SSAE16 SOC Testing)

KEY TAKEAWAYS
Cyber risk will continue to rise
Conduct an assessment against industry best practices
Monitor investment organizations and third parties
Document your due diligence process
Partner with expert providers for implementation

Important notices

References to Mercer shall be construed to include Mercer LLC and/or its associated companies. 2015 Mercer LLC. All rights reserved.

This contains confidential and proprietary information of Mercer and is intended for the exclusive use of the parties to whom it was provided by Mercer. Its content may not be modified, sold or otherwise provided, in whole or in part, to any other person or entity, without Mercer's prior written permission.

The findings, ratings and/or opinions expressed herein are the intellectual property of Mercer and are subject to change without notice. They are not intended to convey any guarantees as to the future performance of the investment products, asset classes or capital markets discussed. Past performance does not guarantee future results. Mercer's ratings do not constitute individualized investment advice.

Information contained herein has been obtained from a range of third party sources. While the information is believed to be reliable, Mercer has not sought to verify it independently. As such, Mercer makes no representations or warranties as to the accuracy of the information presented and takes no responsibility or liability (including for indirect, consequential or incidental damages), for any error, omission or inaccuracy in the data supplied by any third party.

This does not constitute an offer or a solicitation of an offer to buy or sell securities, commodities and/or any other financial instruments or products or constitute a solicitation on behalf of any of the investment managers, their affiliates, products or strategies that Mercer may evaluate or recommend.

For the most recent approved ratings of an investment strategy, and a fuller explanation of their meanings, contact your Mercer representative. For Mercer's conflict of interest disclosures, contact your Mercer representative or see www.mercer.com/conflictsofinterest.

Mercer universes: Mercer's universes are intended to provide collective samples of strategies that best allow for robust peer group comparisons over a chosen timeframe. Mercer does not assert that the peer groups are wholly representative of and applicable to all strategies available to investors.

The value of your investments can go down as well as up, and you may not get back the amount you have invested. Investments denominated in a foreign currency will fluctuate with the value of the currency. Certain investments carry additional risks that should be considered before choosing an investment manager or making an investment decision.