Cybersecurity has always been a pressing concern in financial services, but it is becoming a priority for investors.
In terms of concerns, cybersecurity is always near the top for private banks, wealth managers and their clients. Protecting money, especially at the level of wealth, is crucial.
Go deeper with GlobalData
Cybersecurity has become the foremost operational concern for investors during fundraising due diligence, according to the latest Core Alternative Managers’ Mood Index (CAMMI) report by Gen II Fund Services. The report, which surveyed over 120 UK and European asset management firms, indicates that 27% of investors now prioritise cybersecurity in operational due diligence conversations, reflecting heightened awareness of digital threats in the private capital industry.
Alex Di Santo, head of private equity, Europe, for Gen II said: “Cybersecurity has risen to become one of the most important operational topics in due diligence processes, reflecting growing concerns about digital threats. The CAMMI survey shows that the rapid pace of technological innovation and development of artificial intelligence have exposed concerns around cyber risks, including data breaches, ransomware attacks and phishing scams.”
He continued: “By virtue of their resources, larger fund managers are better able to defend themselves from and educate their staff around cyberthreats, but smaller managers may not be sufficiently scaled to do so to the same degree. We see smaller managers in the space seeking increased support from their outsourced partners who can offer robust measures to safeguard their data and who invest in cutting edge technologies to safeguard against emerging threats.”
Cybersecurity for investors and wealth
Commenting on cybersecurity in the wealth sector to PBI, Accenture’s Cyber Security lead in the UK, Kamran Ikram, explained:“Cybersecurity and resilience are crucial for wealth management. Customers need assurance that their sensitive data is protected and handled confidentially. This fundamental premise carries out in their robust security controls to thwart attempts from cybercriminals aiming to breach systems to steal information and money.
“Firstly, cybersecurity efforts focus on authentication. Effective identity management and access controls ensure only authorised personnel access sensitive information. Companies must be crystal clear in their policies on who accesses what data and why.
“To defend against external threats, many wealth management firms invest heavily in perimeter security, including securing data on servers in specific data centres and preventing unauthorised external access. On-premises servers are often fortified with stringent controls to minimise breach risks. The significant risk of insider threats also underscores the importance of stringent internal controls.
“And while there is a necessity for tight security, wealth management companies must also remain connected with the outside world for communication and collaboration. Essential communication channels, such as email and messaging, present vulnerabilities which need to be safeguarded from exploitation.
“In wealth management, client-advisor relationships are crucial. A major vulnerability today is deep fakes and AI-powered fraud which has the power to exploit these relationships. Sophisticated AI-generated impersonations, through hyper-realistic video, emails and texts, can dupe people into granting access to systems or revealing sensitive information. Wealth management companies are starting to get smarter about how they implement advanced detection and prevention measures.
“Wealth firms also need to have a strategy of operational resilience in the event of a breach – and this means building a ‘lifeboat’. These environments will be sandboxed from wider infrastructure and ready to be ‘hydrated’ with pre-determined critical data to restore operations swiftly. Cyber resilience strategies will extend to include partners and suppliers, ensuring that the entire supply chain is secure.
“Overall, in the wealth management industry, tight cybersecurity is a non-negotiable aspect of doing business. It’s not just about investing in internal and external controls and parameters – in a world of deepfake threats – investment in training is also key. Vigilant humans who are switched on to spot the risks posed by fraudsters using AI are also your best defence.”
Q&A with ARK Invest Europe
PBI: What is the state of cybersecurity in the sector at the moment?
Rahul Bhushan, managing director at ARK Invest Europe: “It’s lagging where it counts. Firms are digital-first but security-second. Legacy systems, growing data exposure, and weak vendor oversight are leaving gaps. The threats are evolving faster than the defences.”
Is it a frequent conversation with clients? If so, how do you ease concerns?
“It needs to be. If you’re not addressing cybersecurity, clients will assume it’s not a priority. Keep it direct—show them what’s in place, what’s being done regularly, and how they play a role. It’s about control and confidence, not fear.”
What are the biggest hurdles when it comes to being strong with cybersecurity?
“Old systems, not enough skilled people, and poor internal habits. Technology moves fast, but too many firms are slow to adapt. Without the right people and processes, even the best tools fall short.”
