2020 Cybersecurity and Risk Year in Review
It's been a year like no other for all of us and ACA Aponix wants to thank our clients and friends for your support in 2020 and wish you the best in 2021.
This year, as we responded to the pandemic, we continued to invest in enhancing our cybersecurity and privacy services to help our clients meet their firm's priorities efficiently and effectively as well as respond to the evolving cybersecurity landscape. Below is a summary of 2020 cybersecurity news and insights and other resources for you to review.
Product Updates
In 2020, we helped firms prepare for new rules and regulations and launched several new services:
- ACA’s Aponix Protect™: A comprehensive cybersecurity program created to help firms address evolving cyber risks and threats to ensure their cybersecurity needs are covered year-round. This solution is available in three tiers, each one designed to provide firms with a flexible, robust, responsive, and cost-effective cybersecurity program. Download the tearsheet
- Aponix’s PortCo Defend™: A cybersecurity risk management program and dashboard designed to help private equity firms assess and centrally monitor security threats to their portfolio companies (PortCos). PortCo Defend gives private markets a holistic view of their PortCos’ cybersecurity risk and provides oversight to track the progress of their PortCos’ efforts to remediate gaps and achieve their cybersecurity targets. Download the tearsheet
- ACA Aponix’s Payment and Fraud Risk Assessment (PFRA): A service to provide end-to-end policy-aligned reviews of all your firm’s cash movements to identify potential fraud risk throughout the payment lifecycle. We perform evidence-based procedure reviews across your firm to help mitigate risks during subscription, drawdown, redemptions, staff, and vendor payments. Download the tearsheet
- ACA Aponix's Third Party Risk Management (TPRM) Advisory Services: A solution for assessing current state TPRM practices at a firm against regulations and best practices. Includes the definition of a roadmap of program enhancements to ensure effective oversight of third-party relationships. We also provide managed services for clients to assist in running TPRM processes and managing their full portfolio of third-party services. Includes support for aggregate risk reporting, governance processes, and maintenance of the third-party portfolio. Download the tearsheet
Alerts, Insights, and a Focus on Portfolio Companies
Firms faced increasing operational risks, including global pandemics, natural disasters, geopolitical threats, economic crises, and third-party risks such as supply chain disruptions in 2020.
Ensuring business continuity and that risk functions are resilient is key during these times, as regulators and investors expect firms to continue to operate and function as required.
Alerts
The U.S. Securities and Exchange Commission Office of Compliance Inspections and Examinations (SEC OCIE), Financial Industry Regulatory Authority (FINRA), and U.S. Treasury Department issued multiple risk and regulatory alerts as cyber criminals took advantage of the pandemic and many firms were found to be unprepared. Here are some of our most accessed alerts:
- SEC Issues Risk Alert Identifying 6 Areas of Deficiencies in Investment Adviser Compliance Programs: SEC OCIE found, among other deficiencies, that firms were not adequately reviewing or maintaining written cybersecurity policies and procedures.
- Major SolarWinds Breach Affects Government and Businesses Worldwide: 2020 saw its share of cyber incidents and the biggest one was the far-reaching December SolarWinds Breach.
- SEC OCIE Issues Risk Alert on COVID-19-Related Compliance Risks and Issues: OCIE recommended firms address the risks, issues, and challenges resulting from the widespread use of telecommuting practices and pandemic-related market volatility.
- More Cyber and Risk Alerts from 2020
ACA Insights on Operational Resilience and Privacy
The ability to manage risks effectively, efficiently, and promptly determined a firm’s level of operational resilience -- a focus for firms, regulators, and ACA in 2020:
- RiskMutation™ Strategic Roadmap: Building Operational Resilience: The global COVID-19 pandemic triggered a series of catastrophic events that disrupted business and abruptly changed the way we work. These crises have evolved in unexpected, non-linear ways that present both danger and opportunity. ACA calls this phenomenon RiskMutation™. Download White Paper
- SEC Examination Requests Related to COVID-19 Business Continuity and Operational Resilience: In March, OCIE engaged in an ongoing outreach with registrants to assess the impacts of COVID-19, including challenges impacting operational resiliency.
Privacy regulations continued to be updated with changes in the EU due to Brexit and CCPA Enforcement and updates:
- European Union Court Strikes Down Key EU-U.S. Data Sharing Agreement
- California Approves CPRA, Which Amends CCPA
- CCPA Enforcement leads to Multiple Class-Action Lawsuits
- CCPA FAQs for financial services firms - Download
- CCPA FAQs for all industries - Download
ACA Support for Private Markets and their PortCos
We expanded our services for Portfolio Companies with case studies and blogs. Here are just a few:
- Portfolio Company Case Studies
- Helping Private Equity Firms Stay Ahead of Risk – Blog and Webcast
- All Portfolio Risk Management Content
2020 Webcasts
We had our first Cyber Week in October and all events were recorded. If you missed these live or want a refresher, you can watch or listen to these and all 2020 Aponix webcasts on demand. Here are a few of our most popular webcasts:
- The Scariest Cyber Breaches of 2020 – Watch now
- The State of Cybersecurity: Results from the 2020 NSCP / ACA Aponix Cybersecurity Compliance Programs Survey – Watch now
- Fireside Chat with Phil Venables and Mike Pappacena – Watch Now
- Coronavirus Preparedness: Re-visit Your Business Continuity Plans – Watch now
- You can access and watch all the sessions from ACA's Cyber Week on demand –Watch now
For More Information
For more information or questions, please reach out to your ACA Aponix consultant or contact us here.
Related insights
Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways
A popular firewall used in the financial industry is under attack due to a critital zero-day vulnerability. Firms that use Palo Alto Networks' firewall need to update their software to protect their systems.
- Cybersecurity
Two Important Cybersecurity Alerts from CISA
The Cybersecurity and Infrastructure Security Agency (CISA) issued two advisories that require impacted firms to take immediate action.
- Cybersecurity
Cybersecurity Benchmarking Survey Lists Top Concerns and Preparedness Among Respondents
Our annual survey in partnership with NSCP reveals that investment firms overlook AI as a cybersecurity risk and remain wary about SEC cybersecurity enforcement and compliance with new rules
- Cybersecurity
- Cybersecurity Resources
- ACA News