French asset managers have been warned that they could be nurturing a false sense of security over their management of cybersecurity risks.
The warning comes from the industry watchdog, the Authorite des Marches Financiers (AMF) following a thematic review.
The regulator noted that while cybersecurity practices have improved, there remains a lack of preliminary work on mapping the most sensitive data.
Based on the principle that only what is well-known is well protected, the regulator stated that this could “allow significant vulnerabilities to persist in the systems inspected, nurturing a false impression of security”.
The AMF is also concerned about insufficient coordination between asset managers and their third party providers.
The thematic review involved spot inspections of five asset managers between 2017 and 2020 and included specific analysis of cybersecurity practices during the first phase of the lockdown between March and May 2020.
The regulator had issued a warning to firms in January 2020 calling on asset managers to shore up their defences and ensure a robust business continuity plan is place.
On the positive side, the latest review found that cybersecurity systems had been notably reinforced helped by the appointment of a dedicated manager from the executive committee and regular awareness campaigns.
However, the lack of coordination between managers and their external counterparties is a notable area of concern.
This concern has been heightened due to “hackers’ knowledge of the data interchange flows between the AMCs and these outside participants”.
The AMF is not alone in its efforts to raise awareness of cybersecurity within the asset management industry.
The UK’s trade body, the Investment Association launched a cyber threat intelligence platform back in April 2020. The Central Bank of Ireland also published the findings of its Thematic Inspection of Cybersecurity Risk Management in Asset Management Firms in March 2020.
© 2021 funds europe