Professional Cybersecurity Criminals Elevate the Stakes of Security in Fundraising Services

Avatar for Roger Woolman
By Roger Woolman Investor Services Industry Expert
June 15th 2023 | 3 minute read

Protecting your firm against cyberattack can be a thankless task – a role that consumes valuable resources and adds nothing to the bottom line. It is also one of the most important.

Like painting the Golden Gate Bridge, the cybersecurity job is never done. New threats are emerging all the time. The attacks are relentless and remorseless. And their sophistication is constantly growing.

Gone are the days of disaffected kids hacking into systems for the thrill of it. Today, cybercriminals are professional, motivated, well-resourced organisations that often collaborate together and are able to cause unprecedented damage – especially as the funds sector becomes progressively more data dependent. This is the cybercriminals’ job and they are exceptional at it. Firms that underestimate what they’re up against do so at their peril.

4 reasons cybersecurity excellence pays

For fund administrators, and the firms they service, the stakes are high and getting higher.

  1. Regulatory compliance

Legal obligations such as the General Data Protection Regulation (GDPR) already demand strong cybersecurity practices. Failure to meet the GDPR’s requirements can result in penalties of up to €20 million or 4% of global revenue. And the European Union is now upping the compliance ante with the Digital Operational Resilience Act (DORA), which is set to take effect in January 2025.

Worried that interdependencies between financial entities’, markets’ and market infrastructures’ information and communication technology (ICT) systems create systemic vulnerabilities, DORA introduces a common set of technology risk mitigation standards to ensure all key participants in the financial system can withstand cyberattacks and other risks. Firms with sub-standard operational frameworks can be fined up to 2% of their total annual worldwide turnover. Any security lapses or threat of regulatory action would also cause significant reputational damage.

  1. Fiduciary financial data protection duties

Fund administrators handle vast amounts of sensitive financial information, including end-investor account details, transaction data and asset valuations. Such high-value financial and personal data is gold dust for cybercriminals seeking to steal funds, commit identity theft or extort money from victims. Robust cybersecurity defences are essential in safeguarding clients’ information and preventing damaging data breaches.

  1. Trust and reputation

Trust is at the heart of fund administrators’ operating models. Clients entrust their administrator with monitoring and protecting investors’ assets and account information. Any hack or data leak will undermine that trust, and the confidence users have in the administrator’s services. Loss of trust and credibility can result in debilitating reputational damage and the potential loss of clients, with a concomitant hit to revenues.

Demonstrably robust cybersecurity practices can burnish a fund administrator’s reputation and instil confidence among its clients and prospects.

  1. Operational continuity

Fund administrators rely heavily on technology and digital interactions to perform their day-to-day fund accounting, transfer agency and reporting duties. A ransomware attack or system compromise can cause major disruption to those operations, preventing the administrator from servicing its clients.

Best practice cybersecurity protections such as regular backups, network monitoring and incident response plans help mitigate the disruption risk and ensure operational continuity.

Cybersecurity strategies

The financial services industry is in the crosshairs of the world’s cybercriminals. The financial stakes are high, on both sides, with much to win and lose.

Cybercriminals are constantly probing for opportunities, adapting their tactics to exploit vulnerabilities and gain access to valuable financial data. Fund administrators need to stay vigilant to defend against this barrage of attacks. Which means they cannot compromise on cybersecurity at any time.

Some strategies to help include:

  • Understand the evolving cybersecurity threat to your organisation. Keep informed about the latest tactics, weaknesses that can be exploited, and defences against them.
  • Quick detection makes all the difference, so if you suffer a breach act swiftly.
  • Maintain back-ups to minimise the damage that can be caused by breaches and ransomware attacks.
  • Have insurance in case of a ransomware attack.

And partner with infrastructure providers that continually invest in the latest, most robust cybersecurity protections.

Deep Pool is the #1 investor servicing and compliance solutions supplier, providing cutting-edge software and consulting services to the world’s leading fund administrators and asset managers. Our flexible solution suite, developed by an experienced team of accountants, business analysts and software engineers, supports offshore and onshore hedge funds, partnerships, private equity vehicles, retail funds and regulated financial firms. Deep Pool is a global organisation with offices in Dublin, Ireland, the United States, the Cayman Islands and Slovakia. For more information, visit:

Roger Woolman
Roger has over 25 years of experience as a finance & technology exec. He co-founded Deep Pool/HWM Group in 2006 & rejoined in 2021 following his role as Director of Funds & Alternatives at SS&C Advent where he oversaw business development activities for their international fund management business.