Hedge Fund Standards Board recommends having a cyber incident response plan

Out-Law News | 22 Jan 2016 | 5:09 pm

Organisations should put in place a cyber security incident response plan, the Hedge Fund Standards Board (HFSB) has said.

The HFSB, a standard-setting body for the hedge fund industry, said preparing for cyber attacks is "important" and "establishes responsibilities, pre-identifies external resources and speeds decisions should there be an actual incident".

Establishing a cyber security incident response plan was one of the "key insights" the HFSB said it derived from a "table top" cyber attack test exercise it carried out in London last year. The exercise was designed to see how hedge fund managers might respond to cases of "data theft and leakage of internal sensitive data; financial infrastructure attack [and] crypto ransomware", it said. The HFSB expects to conduct a similar simulation in New York before the end of March.

The HFSB said the test also highlighted the potential for "confusion over responsibilities" to prevent organisations making "an effective response" to a cyber incident. It said managers within organisations cannot treat cyber security as something for IT staff alone to address "given the legal, compliance, investor relations and reputational issues involved".

Organisations also need to recognise that they might not be able to manage cyber attacks using just internal resources, the HFSB said.

"Managers should be prepared to quickly access external legal and IT expertise," it said.

Bill Trent, managing director at computer forensics company Stroz Friedberg, said: "This attack simulation exercise has shown that dealing with the technical aspects of cyber attacks is often only a small part of the overall response, and that the senior management of the firm needs to be well-prepared to manage the aftermath of an incident."

"Therefore, it is crucial that firms have an incident response plan in place that is understood at a senior level and across the entire firm. It is also important that firms do not overestimate their own capabilities and seek external help when a serious breach occurs," he said.