Cybercriminals who target fund managers are becoming smarter, more aggressive and more ambitious. Despite this, more than half of US investment managers don’t test their IT for weak spots, while a quarter do not regularly evaluate the effectiveness of their defense systems, according to a survey conducted by the US Securities Exchange Commission in May 2019 Back in 2016 cybercriminals managed to slip past the agency’s own defenses, but now hedge funds and asset managers are seen as the weakest link. In October, hackers successfully breached Arena Investors and the Kansas University Endowment and Community Foundation of Texas—executives at both companies were fooled by malevolent software in the guise of an email. Buy side firms are now rushing to install preventative controls, active monitoring, and safeguards against this flurry of bad actors. Hackers have honed in on institutional investors for a number of reasons: the $78.7tn treasure trove of mandates they harbor, as well proprietary trading algorithms and sensitive data on client portfolios, fund assets, customers and counterparties. In today’s globally connected markets, asset managers (particular those with woeful cyber defenses) are an easy conduit through which cyber criminals can reach and disrupt the wider financial ecosystem. There are a number of distinct groups of criminals: state-sponsored hackers are motivated by political agendas; hacktivists want to disrupt the system; and organized actors are interested in a big payday. The most frequent attacks on asset managers involve the manipulation or extraction of their data, which is easier if a company has weak defenses.