IIFA Cybersecurity Program Basics

Brussels, 28 October 2019 - As part of a global initiative led by the International Investment Funds Association (IIFA) and supported by investment fund associations from around the world, EFAMA is glad to present the 'IIFA Cybersecurity Program Basics', a document that lays out the key cyber-prevention standards for investment management companies. The initiative marks an important step for the global asset management industry to define commonly-shared principles that firms should apply in order to minimize the likelihood of cyber incidents. The principles are:

  1. Establish an overarching cyber-security framework
  2. Conduct cyber-risk awareness trainings with company staff
  3. Have an incident response plan
  4. Conduct tabletop exercises to “test” that response plan
  5. Establish and monitor normal network activity
  6. Participate in trusted information sharing networks.

These six principles are recommended to any firm looking to adopt cyber-hygiene standards, or improve their existing ones.

The document includes useful links to publicly available resources that firms can refer to when setting up the above measures.

EFAMA believes this document will be of particular added value to small-sized investment management companies, as they may lack the resources needed to fully meet the more demanding international standards (e.g. ISO, NIST, CPMI-IOSCO).

This initiative is complementary to a number of other cyber-security initiatives undertaken by EFAMA under the aegis of the International Organization of Securities Commissions (IOSCO).