On March 26, 2014, the SEC hosted a cybersecurity roundtable featuring representatives from regulators and the private sector. See “Seven Cybersecurity Risks That SEC Examiners Will Look for in Examinations of Hedge Fund Managers
,” Hedge Fund Law Report, Vol. 7, No. 17 (May 2, 2014). Three weeks later, OCIE issued a Risk Alert on cybersecurity preparedness in the securities industry, and announced a plan to examine more than 50 registered investment advisers and broker-dealers on cybersecurity matters. Just last week, CNBC and others reported that in late 2013, cyber criminals installed a malicious computer program on the servers of a large hedge fund manager, interrupting its high-speed trading strategy and routing trade information to offsite servers. Clearly, cyber threats are a practical problem for hedge fund managers and – in light of regulators’ recognition of the practical problem – a regulatory issue. A recent program offered concrete advice for hedge fund managers on addressing both the practical risk from cyber threats and the derivative regulatory risk. In particular, the program focused on three themes: how to craft and implement effective cybersecurity policies and procedures; what the SEC wants to see at hedge fund managers in terms of cybersecurity; and the availability of insurance against cyber risks and losses. This article summarizes the points from the discussion that hedge fund managers can use to update their approaches to cybersecurity. In addition, this article relays the four main findings from a recent report by McKinsey & Company on effective cybersecurity strategies. See also “Evolving Operational Due Diligence Trends and Best Practices for Due Diligence on Emerging Hedge Fund Managers
,” Hedge Fund Law Report, Vol. 7, No. 15 (Apr. 18, 2014) (section entitled “Cybersecurity”).