From the outside perspective, hedge funds and private equity firms may look like they are equally at risk for cybersecurity attacks. However, due to the inherent differences in business practices, there could be more digital security options available for hedge funds. This is true for three main reasons: private equity employees are more geographically dispersed, firms have more market sensitive and potentially valuable information, and private equity data is typically less esoteric.
Data that is in one central location with limited access points is easier to secure. A security expert can easily tell where authorized access points are located, and thus can more easily spot unauthorized access. Additionally, a central, or a few central, locations are more straightforward to physically secure with on-site security. By securing an office space, it minimizes the chance that information is leaked when employees are on the phone or leave notes in the open.
Private equity funds are more geographically dispersed because their employees are required to constantly travel, whether to pitch companies and conduct investor road shows. When traveling, private equity employees continue to access secured information from a multitude of locations, often around the world. This diversity makes it significantly harder for a security expert to determine which accesses are legitimate or the presence of a cyber-attack. Additionally, it is more likely when traveling to have electronic devices, such as laptops or computers, or documents be stolen or lost. The information on these devices can then leak. The lack of a central location makes information harder to protect.
Hedge funds employees, on the other hand, have few reasons to travel. As a result, access is more centralized, and unauthorized access can be readily identified. Also, physical security for an office is significantly easier than security for a network of traveling employees. As a result, private equity funds are harder to secure from cyber-attacks.
Market Sensitive Data
While hedge funds and private equity firms both try to use their knowledge to beat the market, the two do so in very different ways. Hedge funds primarily create algorithms or strategies to optimize market knowledge to buy publicly traded assets, like stocks. This means they can deal with extremely complex data sets and use custom-made metrics to gauge the market. If an intruder were to get their hands on this information, the data could be meaningless without context.
Private equity, on the other hand, tries to invest in and take control of companies. This practice grants private equity firms’ private information not available to the market, and this information could have a significant impact on the market. As a result, this information could be more valuable and thus a bigger prize for cyber-attackers.
In addition to valuable information, private equity firms tend to keep their knowledge in an easy to understand form. Because private equity firms must consistently pitch companies and do investor roadshows, a lot of their information is in easy to understand forms such as PowerPoint or Excel.
On the other hand, hedge fund data is often in a more challenging to decipher form. Hedge funds usually store their information in databases and the information there can only be translated to another database; a layperson would not be able to understand this data.
Because private equity funds are required to present data to their investors in an easy to understand manner, and because the data can be highly valuable, there is more incentive to target private equity firms rather than hedge funds.
Private equity firms have already seen a high risk of cyber-attacks. 70% of private equity firms have been the subject of more than three breaches within the last year and most private equity firms are prioritizing investing in additional cybersecurity. Agio offers hedge fund cybersecurity and integrated Management IT to a variety of financial service providers. The experts at Agio can provide better cybersecurity to private equity firms and hedge funds.