Cybersecurity and Risk Advisory for Financial Firms
Stay current with evolving cybersecurity regulatory pressure, investor expectations, and best practices.
Regulatory rule making and enforcement are in turmoil as bad actors improve their attack vectors, and investor expectations for cybersecurity programs continue to grow. The need to improve your cybersecurity maturity is essential, but navigating the landscape can be challenging, with many vendors emphasizing risks in ways that may not always align with firms actual requirements.
Get more information
Cybersecurity and risk professionals across the globe.
We assist more than 650 firms globally with their cybersecurity and privacy programs.
What do you need help with?
Our award-winning tech-enabled solutions can help you to uncover risks and mitigate deficiencies in your cybersecurity policies, procedures, and controls.
Assess and build my program
Evaluate and improve your cybersecurity and privacy programs with our program assessments, policy support, cybersecurity training, and expert guidance.
Satisfy my firm’s regulatory requirements
Enhance your cybersecurity and privacy programs to meet expectations from regulators like the SEC, FCA, NFA, DFSA, and FSRA. Assess your program against key regulations including GDPR, , DORA, the EU AI Act, the FCA’s Operational Resilience Framework, and amendments to Regulation S-P.
Prepare my firm to respond and recover from business disruptions
Assess and improve your firm’s ability to recover from a cybersecurity incident through our tabletop exercise, incident response and business continuity planning offerings.
Evaluate my cybersecurity defenses
Ensure your firm can withstand cyberattacks through our suite of penetration testing, cybersecurity, and cloud assessment services.
Establish cybersecurity oversight of my portfolio
Gain insight into cybersecurity risk and standardize cybersecurity requirements across the portfolio through ACA Vantage.
Manage my firm’s third-party risk
Build third-party risk management policies and processes that apply the right amount of rigor to each vendor while reducing effort. Quickly and easily conduct vendor due diligence.
Are you ready to protect your firm from cyber risk? Contact us today.
Client perspectives
We’re certain we can be your ideal partner. But our clients say it best.
As we realized the increasing complexities when managing the cybersecurity issues of our portfolio companies, we started having conversations about getting outside help and ultimately decided to go with ACA.
– Steve Cherington Head of Operations, Ara Partners
With ACA Vantage, we now have increased visibility into where companies stand in terms of their vulnerabilities and their risk levels.
Jeff Steinhorn, Operating Partner, Gridiron Capital
Why ACA?
Here’s what sets us apart:
Regulatory Technology and Advisory
Providing clients with a single, user-friendly portal and advisory consulting that efficiently manages their cybersecurity and compliance concerns.
Regulatory Industry Proficient
Former CISOs, CIOs, CTOs, POs, with over 20 years of alternative investment experience.
Contact us
Learn from our experts
The National Cybersecurity & Infrastructure Security Agency (CISA) along with partner organizations, published a joint …
ACA’s 2025 Conference brought together hundreds of compliance professionals, executives, and thought leaders to explore …
ACA Group was recently named Cybersecurity Solution of the Year at the 2025 Hedgeweek European …
A strong compliance program provides a competitive edge that instills confidence in both regulators and …
Security researchers recently identified a threat actor selling authentication records exfiltrated from Oracle Cloud, suggesting …
A newly identified security flaw, CVE-2025-23120, in Veeam Backup & Replication exposes organizations using Active …
A critical security flaw in Apache Tomcat, tracked as CVE-2025-24813, is actively being exploited, putting …
Multiple firms have notified us that their executives and other employees are being impersonated in …
A critical vulnerability in 7- Zip (CVE-2025-0411) is being actively exploited to distribute the SmokeLoader …
A critical vulnerability (CVE-2024-50603) has been discovered in Aviatrix Controller, a popular cloud networking platform …
Environmental, social, and governance (ESG) and cybersecurity portfolio oversight in private equity (PE) and venture …
2024 brought significant developments and fluctuations in areas such as regulatory compliance, the rise of …
The Cybersecurity and Infrastructure Security Agency (CISA), recently released a report in collaboration with the …
ACA Group proudly announces its recognition as the Cybersecurity Winner at the 2024 Tech 50 …
On November 18, 2024, an urgent alert was issued for two critical vulnerabilities in VMware …
A critical security vulnerability, CVE-2024-10924, was recently discovered in the popular Really Simple Security plugin, …
The U.S. Securities and Exchange Commission (SEC) recently charged four companies for insufficient disclosures related …
Launching a new fund, product, or strategy brings unique compliance and operational challenges. At this …
Launching a new fund, product, or strategy can be an exciting but busy time. During …
Recent vulnerabilities in the Common UNIX Printing System (CUPS) could allow attackers to access sensitive …
New York, NY, October 1, 2024 – ACA Aponix®, a division of ACA Group®, proudly …
With just over 100 days remaining until the 17 January 2025 compliance deadline for the …
For several years private equity (PE) firms have been dipping a toe in the water …
Progress Software’s LoadMaster and Multi-Tenant Hypervisor products have been affected by a vulnerability (CVE-2024-7591) that …
For several years private equity (PE) firms have been dipping a toe in the water …
For several years, private equity (PE) firms have been dipping a toe in the water …
Recently discovered vulnerabilities in ServiceNow, a widely used IT service management platform, have exposed organizations …
On Wednesday, July 24th, the United States (U.S.) National Counterintelligence and Security Center (NCSC) published …
An automated update released overnight on July 18 from CrowdStrike, an endpoint detection and response …
Client: Ara PartnersClient Type: Private EquityPortfolio Size: 27 companies across Europe and North America, including …
A critical vulnerability (CVE-2024-6409) with a CVSS score of 7.0 has been discovered in OpenSSH, …
Carlo di Florio, Global Advisory Leader at ACA Group, recently joined Nasdaq TradeTalks to share …
In today’s landscape, traditional cybersecurity approaches to portfolio oversight are no longer sufficient. With increasing …
On June 18th, 2024, the U.S. Securities and Exchange Commission (SEC) published a settlement report …
With cybersecurity threats and techniques continually evolving, small and medium size organizations, like many portfolio …
The financial services industry is one of the most targeted sectors by cyber criminals, ranking …
Without question, one of the hottest topics for firms in 2023 was the emergence and …
From Risk to Advantage: Securing Success for Private Funds Cybersecurity risks are ever present and …
An Overview of Large Language Models Large language models (LLMs) like OpenAI’s “ChatGPT” and Google’s …
Clients Should Consider Updating their Master Password On December 22nd, LastPass, one of the world’s …
Participate in our budget and staffing surveys to learn how your peers are allocating their …
Immediate Action Advised On June 14, 2022, Microsoft announced measures to address two critical, potentially …
Immediate Updates Advised On May 18, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) issued …
Confronting Cybersecurity Workforce Shortages Through Flexible Hiring and Retention Strategies From hybrid and remote work, …
This is an updated version from a previous article published on March 25. On April …
On April 12, 2022, Microsoft® notified users of a remote code execution vulnerability (CVE-2022-26809). According …
Navigating Uncertainty: Risk Management and the Regulatory Agenda Compliance, risk, performance, and technology leadership are …
Cybersecurity and the Great Resignation From hybrid and remote work to the Great Resignation to …
SEC Narrows in on Public Companies’ Disclosures and More One month after voting on a …
Employee Burnout: An Overlooked Cybersecurity Threat? From hybrid and remote work to the Great Resignation …
New cybersecurity legislation may be coming for critical infrastructure companies On March 1st, the United …
Regulatory developments Considering the continued regulatory developments from Western governments and international community relating to …
A registered domain name is the gateway to an organization’s presence on the Internet, shepherding …
What is ransomware? Ransomware is a form of malware, a harmful computer program used by …
A Windows® vulnerability was accidentally disclosed this week that allows a remote, authenticated attacker to …
The U.S. Securities and Exchange Commission’s (SEC) Division of Enforcement is conducting outreach to firms …
There is no doubt that 2021 has been, and will continue to be, a year …
A Q&A with Alex Schienman, ACA Aponix The General Data Protection Regulation (GDPR)& reached its …
The SolarWinds breach and the Microsoft Exchange server breach are striking, both in the extent …
A ransomware attack has led to the shutdown of the Colonial Pipeline, the largest fuel …
ACA Spring Conference: May 18, 19, 20 ACA’s virtual spring conference is right around the …
On April 14, Microsoft released software patches that address over 110 vulnerabilities discovered in Windows® …
A major breach has been reported with wide-reaching U.S. and international repercussions. The breach has …
CJEU Invalidates Privacy Shield U.S. companies are finding themselves on uncertain terrain as they struggle …
As we begin 2020, here are 10 cybersecurity trends to look for in the coming …
2019 Cybersecurity Insights, News, Webcasts, and Resources It’s been a busy and exciting year for …
The SHIELD Act significantly expands New York State’s breach notification law On July 25, 2019, …
SEC focus areas include cloud risk, cyber/tech controls, among others The U.S. Securities and Exchange …
In the past two years, we have seen a steady increase in attacks against users …
We’re proud to announce that ACA Aponix has been named Best Cyber Security Provider by …
ACA Compliance Group (“ACA”) is pleased to announce that Alex D. Scheinman has joined the …