Focus on Funds

How Fund Board Directors Can Respond to Cyberthreats

With cybersecurity a high priority for the fund industry, how can fund board directors best respond? The August 19, 2016, edition of Focus on Funds details some key takeaways from a panel discussion at ICI’s recent Global Cybersecurity Conference in London.


Stephanie Ortbals-Tibbs, Director, ICI Media Relations: Fund board directors are more engaged than ever on cybersecurity issues. ICI Global’s latest cybersecurity conference offers some key takeaways for fund board directors on what they should know and do.

Tim Blank, Managing Partner, Dechert: The way I would think about it as a board member would be looking into the future and saying, “Am I going to be proud of the story that we tell about our cyber preparedness, awareness, and remediation efforts? And do we have the right person in charge? Do we understand the specific risks that are particular to our business? And are we managing our third-party vendors closely?”

Ortbals-Tibbs: If they ask themselves these questions and don’t like the answers, what should board directors do to better address cybersecurity issues?

Blank: Get the right person in charge. That’s the most important takeaway. Those people are scarce, important, and you need to have a person who knows your dataflow, knows where it resides, knows how to protect it, and what its vulnerabilities are.

Ortbals-Tibbs: We’ve talked about what fund directors should be thinking about and what they should feel responsible for. I think it’s also confusing for them because they’re trying to figure out how far their responsibilities go.

Blank: I think that’s right. The temptation is to have directors become experts in cybersecurity, but that’s unrealistic and I don’t think that’s expected. But every organization should have a CISO, or a chief information security officer, and the most important part of that is the chief. That’s a person you hire, and retain, and frankly, who you should rely on.

Ortbals-Tibbs: So, get the right people in place and then see where things go from there.

Blank: And make sure that you ask the hard questions. But more importantly, make sure that the chief information security officer asks the right questions of your organization.

Additional Resources