Cybersecurity remains a top-of-mind issue for regulators, investors and advisers. As part of operational due diligence, investors often evaluate whether an adviser has robust cybersecurity defenses. Similarly, advisers must ensure that their administrators, brokers and other third parties have appropriate defenses. A program presented by the Investment Management Due Diligence Association (IMDDA) explored the fundamentals of cyber due diligence, the role of insurance in cybersecurity preparedness, recommendations for evaluating cyber insurance coverage and the evolving cyber-risk landscape. The program was moderated by Richard M. Morris, partner at Herrick Feinstein, and featured Herrick partner Alan R. Lyons; Herrick associate Erica L. Markowitz; and Michael Stiglianese, managing director of BDO USA. This article details the panelists’ insights, which provide valuable guidance to investors when conducting cyber due diligence on fund managers and to fund managers about the necessary elements of a cybersecurity program.

For insights into the SEC’s expectations with respect to an adviser’s cyber policies and procedures, see “SEC Review of Cybersecurity Finds Gains Since 2014, but Cites Gaps in Training and Compliance” (Aug. 24, 2017); and “Investment Adviser Penalized for Weak Cyber Policies; OCIE Issues Investor Alert” (Oct. 1, 2015). For coverage of other IMDDA events, see “How Due Diligence Professionals Approach the Private Fund Review Process” (Jun. 15, 2017); and “How Studying SEC Examinations Can Enhance Investor Due Diligence” (Oct. 6, 2016).