Private markets: Cybersecurity risk in fund administration

Last year’s Sunburst cyber-attack against public and private organisations worldwide acted as a reminder of the growing sophistication of cybercrime and the need for solid cybersecurity.

In our recent specialist fund administration roundtable, panellists discussed cybersecurity and where vulnerabilities lie in the privates sector.

“The Sunburst attack was very interesting,” Noel Fessey, CEO of European Fund Administration, said. “I don’t think state resources were directly employed, but it was probably state-funded and state-backed through a sophisticated cyber-attack ‘house’.”

According to Fessey, who 20 years ago was the global head of IT security for Schroders, apart from intelligence-gathering, you have to get back to the basics of understanding “what your layered defensive arrangements should be”. 

“These will depend on three pillars, one of which is technological, another is procedural and the final one relates to personnel. It’s the last which is perhaps the greatest vulnerability, because humans make mistakes.”

Fabrice Mas, head of PERA, Luxembourg, MUFG Investor Services, highlighted that cybersecurity technology these days is quite evolved.

“You have firewalls and lots of quite sophisticated things, but at the same time, you also have sophisticated attacks.

“When you look into cyber-attacks, you often discover that they found an entry point through people by creating trust. Then people download or click on something. Staff training is therefore key.”

Jervis Smith, country managing director, Luxembourg, Vistra, explained how last year Vistra launched an internal campaign – ‘Play your part, be cybersmart’. 

“You just have to keep repeating the message, and you have to be vigilant around your people − the people who’ve got control of the keys to the ‘safe’ and control of the ‘keys’ as such,” he told panellists. 

For Christian Heinen, managing director at IQ-EQ Luxembourg, being realistic is crucial when it comes to cybercrime and cybersecurity.

“We have grown significantly in recent years, organically and inorganically, but the bigger you become, the more exposed you become because you are a more interesting target,” he said.

“You can of course put in place the best IT team and we are also working with partners who simulate attacks and such like, but there are things that we cannot necessarily influence, such as the attack on SolarWinds in 2020.”

As Robert Brimeyer, managing director of Alter Domus Luxembourg, highlights, the reason why people engage in cybercrime is because it’s a very easy way to get access to money.

“Either they want to steal information to monetise it, or they just want to steal money. In our private markets industry, money flows in very big amounts and it’s easy to divert it if you use the weakness of people,” he said.

Stéphane Pesch, CEO of LPEA, added: “If the vulnerable point is people, you respond to that problem by educating and training them. You also watch out for behaviours and have the right systems on board, but certainly take external elements into account too.”

Read more: Specialist fund admin roundtable: Technology and the human touch

© 2021 funds europe



The tension between urgency and inaction will continue to influence sustainability discussions in 2024, as reflected in the trends report from S&P Global.
This white paper outlines key challenges impeding the growth of private markets and explores how technological innovation can provide solutions to unlock access to private market funds for a growing…


Luxembourg is one of the world’s premiere centres for cross-border distribution of investment funds. Read our special regional coverage, coinciding with the annual ALFI European Asset Management Conference.