Although both types of financial service institutions handle highly sensitive data and massive monetary assets, Agio maintains private equity firms pose a bigger cybersecurity challenge than hedge funds.
Many feel this is counterintuitive; Hedge funds usually have more complex systems, more data, more transactions and more cash movements. But volume isn’t the only attribute that determines the complexity of securing an entity. The type of data, surface area, transaction information and other qualities of private equity firms make them harder to secure.
5 Reasons Why Private Equities are Harder to Secure
We know it’s hard to compare private equity firms and hedge funds. However, if the firms were equal sizes with an equal number of employees and the same amount of investment assets, our trained cybersecurity experts maintain there’s five reasons why it’s harder to protect a private equity firm than a hedge fund.
1. Unstructured Data vs. Structured Data
Private equity employees tend to use PDFs and other unstructured documents created in Microsoft Word, Excel and PowerPoint to work on their deals and portfolio companies. Hedge fund systems focus on structured databases containing their trades, positions and other data types. Cybersecurity solutions are generally much better suited for structured data sets than unstructured data sets.
2. Surface Area
We’re talking about the geographic surface area and the data surface area. By the nature of their work, private equity employees tend to travel to their portfolio companies much more than their hedge fund counterparts.
Also, because of the nature of their transactions, it is very hard to predict the exact data location and paths it will take for private equity firms. For example, they can’t predict the deals they’re going to execute in the next 12 months. However, most hedge funds can predict exactly where and how key data in the firm will be accessed and used for the next 6 – 12 months.
3. Publicly Available Deal/Transaction Information
Private equity transactions (acquisitions) are often a matter of public record and list a firm’s key role (CFO, for example) by name. Bad actors use this information to shape social engineering attacks in the form of phishing, pretexting or both (complex attacks) targeted at back office personnel and referencing a deal that just took place. A deal that closes in Asia can give hackers a significant head start due to the time zone differences and allow attackers to appear legitimate in their attempts due to the first-hand knowledge of the new transaction. These kinds of deals usually aren’t present at a hedge fund.
4. Consumer Devices vs. Enterprise Equipment
Private equity firms tend to have more consumer devices – tablets and laptops, for example – compared to hedge funds. While the hardware of these devices can make them secure, they lack many of the enterprise management tools commonly found inside organizations as part of a traditional, on-premise workstation’s physical security.
5. A Bigger Target
Both hedge funds and private equity firms usually have the same repositories of data that cybersecurity adversaries find very attractive:
- Personal identifiable information
- Personal health information
- Banking information
However, private equity firms have access to data that’s easier to monetize. If a breach were to happen, a bad actor could easily use the Dark Web to monetize a private equity firm’s information on mergers or acquisitions affecting public companies (known as Material Non-Public Information). If a hacker breached a hedge fund, they would have a hard time monetizing trade data or a unique trading strategy.
Protecting Your Private Equity Fund
From Agio’s vast experience managing hundreds of alternative asset managers across many firms, we’ve found these five points consistently prove private equity funds needed heightened cybersecurity over hedge funds. This isn’t to say hedge funds are easy to secure, either. Both types of funds need an attentive eye 24x7x365 to prevent, detect and mitigate cybersecurity threats and both need a strong governance program.
Agio offers a span of cybersecurity services to meet the needs of hedge funds, private equity firms, asset managers and other financial organizations. Contact us today to discuss how we can keep your portfolios safe.