Cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at fund sponsors should take the lead to ensure that the sponsor is taking appropriate actions to protect itself against cyber risks.
Careful planning and preparation, including appropriate policies and procedures, is critical for the creation of an effective cybersecurity program.
The program should include a Cyber Risk Assessment and a Cyber Incident Response Plan.