Cybercriminals are increasingly relying on social engineering to attack corporate systems. Hedge funds are particularly vulnerable, given that they typically lack extensive in-house cybersecurity expertise; deal with large sums of capital; and have relationships with powerful clients and individuals. Social engineering fraud poses a number of risks to fund managers, including money transfer fraud; theft of passwords or trade secrets; customer-data compromise; revelation of trading positions and plans; and attacks on principals. Fortunately, managers can mitigate these risks by educating and training employees; instituting multi-factor authentication; adopting verification procedures; limiting user access; and monitoring cybersecurity regulations. In addition, managers are increasingly able to rely on insurance to cover social engineering fraud losses. In a guest article, Ron Borys, senior managing director in Crystal & Company’s financial institutions group, and Jordan Arnold, executive managing director in K2 Intelligence’s New York and Los Angeles offices and head of the firm’s private client services and strategic risk and security practices, examine the risks of social engineering fraud, how fund managers can prevent it and how insurance policies can be used to protect against related losses. See “New CFTC Chair Outlines Enforcement Priorities and Approaches to FinTech, Cybersecurity and Swaps Reform” (Nov. 9, 2017); and “SEC Tackles Internal Cybersecurity Issues While Sharpening Cybersecurity Enforcement Focus” (Oct. 5, 2017). For additional commentary from Borys, see “How E&O and D&O Liability Insurance Can Help Hedge Fund Managers Mitigate the Consequences of Regulatory Enforcement Actions” (Jun. 2, 2016).