Hedge Funds vs. Private Equity Cybersecurity – Why is one easier to secure than the other?

    *From a birds-eye view, both hedge funds and private equity firms seem to share a lot of similarities. Both handle tremendous amounts of information, both have a roster of clients, and an internal team crunches all of their key financial metrics. However, the differences become quite stark when comparing the day-to-day operations – and these differences have huge implications on the ease to secure data.

    Private vs. Public Data

    One way private equity firms differ from hedge funds is the type of information that they deal with. Hedge funds typically only operate on the buy-side, meaning that they purchase all sorts of securities and assets that fit within their strategy.

    Private equity firms, on the other hand, operate on both buy-side and sell-side roles, meaning that there are parts of the firm (or all of the firm) that is privy to extremely sensitive information that must be disclosed to the public if leaked. In addition, this information can only be accessed by certain parties, which means that nonauthorized employees cannot see that information. Most firms create something called the “Chinese Wall” to prevent leaks.

    The existence of the Chinese Wall means a PE firm’s data is not equal and could have potentially market-wide ramifications. Having access to insider information makes private equity funds a desirable target for entities that are searching for actionable information – and the deals that PE firms work with can cause stock prices to swing.

    Location Matters

    PE firms don’t just have more valuable information, but they are also harder to secure due to location.

    Hedge funds typically require minimal travel – analysts and managers rarely have to spend weeks at a time on the road to meet with companies and investors. Private equity firms, on the other hand, require significantly more travel. The travel can be due to meeting clients, working to close a deal, or going on roadshows. 

    From a digital security perspective, it’s easy to lock down and secure machines in a single location. When devices and laptops are connecting from all around the world, sometimes through open Wi-Fi networks, ensuring data travels through a safe path becomes incredibly challenging.

    It’s also easier to supplement a traditional office with physical security (such as on-premise guards) who can deter unwanted people from even getting a glimpse of sensitive information. For employees on the road, the risk of wandering eyes and potential theft of devices is far higher. This makes it an overall digital security solution for PE firms very expensive, as there often have to be device-specific considerations, whereas a hedge fund can take a more one-size-fits-all approach.

    Hedge Fund Cybersecurity is Inherently Stronger

    Hedge fund cybersecurity is less attractive to potential hackers, often due to the esoteric data that some employees work with. PE firms, on the other hand, have investor-specific and insider information that is both more actionable and easier to understand.

    Bart McDonough, CEO and Founder of Agio, says that “technology has fundamentally changed the infrastructure underpinning financial services.” He asserts that technology makes it easier to gather and trade intelligence, but that fast dissemination of information also makes it very difficult to manage from a compliance perspective – data leaks faster than ever.

    For a firm to reduce its risk of leaking sensitive information, it’s essential to take a proactive approach. IT infrastructure and digital security aren’t the only aspects that need to be upgraded, but employees also need to be educated on how to identify and avoid a new generation of phishing attempts.