For immediate release - 28 October 2020

Updated Cyber Security Program Basics for investment management companies

EFAMA launches Cyber Resilience Working Group

Brussels, 28 October 2020 -
As part of a global initiative led by the International Investment Funds Association (IIFA) and supported by investment fund associations from around the world, EFAMA is glad to present the 2020 updates to the 'IIFA Cybersecurity Program Basics', a document that lays out the key cyber-prevention standards for investment management companies. The commonly-shared principles that firms should apply in order to minimize the likelihood of cyber incidents were originally launched on this day last year. These six principles are recommended to any firm looking to adopt cyber-hygiene standards, or improve their existing ones:

  1. Establish an overarching cyber-security framework
  2. Conduct cyber-risk awareness trainings with company staff
  3. Have an incident response plan
  4. Conduct tabletop exercises to “test” such response plan
  5. Establish and monitor normal network activity
  6. Participate in trusted information sharing networks.

In light of the concerns raised by the Covid-19 global pandemic in the course of 2020, the IIFA's Cybersecurity Working Committee today presents the following updates to the above core principles in the form of best practices:

  1. Business Continuity Planning
  2. Information Technology Controls
  3. Inventory and Control of Software & Hardware
  4. Principle of Least Privilege
  5. Work From Home Considerations
  6. Secure Configuration

The document includes useful links to publicly available resources that firms can refer to when implementing the above best practices.

EFAMA believes this document will be of particular added-value to small-sized investment management companies, as they may lack the resources needed to fully meet the more demanding international standards (e.g. ISO, NIST, CPMI-IOSCO). 

This initiative is complementary to a number of other cyber-security initiatives undertaken by EFAMA under the aegis of the International Organization of Securities Commissions (IOSCO), including the IOSCO AMCC 2020 Global Cybersecurity Asset Management Survey. 

“EFAMA is pleased to support this IIFA initiative. In fact, our Management Companies Regulation and Services Standing Committee identified cybersecurity and operational resilience as priorities, which is why we have decided to set up a dedicated working group on cyber resilience to allow EFAMA to engage actively in upcoming and important policy discussions, such as the European Commission's recent proposal for a Regulation on digital operational resilience and amending Directive as part of its Digital Finance Strategy for the EU”, commented Federico Cupelli, EFAMA Senior Regulatory Policy Advisor.

- ENDS -

For media enquiries, please contact:

Hume Brophy
Kerri – Anne Rice
Paul Andrieu
Daniela Haiduc

Notes to editors:

About the European Fund and Asset Management Association (EFAMA):
EFAMA, the voice of the European investment management industry since 1974, represents 28 Member Associations, 60 Corporate Members and 24 Associate Members. At end Q2 2020, total net assets of European investment funds reached EUR 17.1 trillion. These assets were managed by almost 34,200 UCITS (Undertakings for Collective Investments in Transferable Securities) and more than 29,100 AIFs (Alternative Investment Funds). More information is available at

Follow EFAMA on Twitter @EFAMANews or LinkedIn @EFAMA for latest updates.

About the IIFA:
The IIFA is a global organization whose members are national and regional associations representing the investment funds (mutual funds) industry. In addition, certain IIFA members represent the broader fund ecosystem, such as distributors and asset managers. The current membership comprises 38 national associations and 2 regional associations which, collectively, have funds under management of US$54.88 trillion, as of the end of 2019. The secretariat of the IIFA is located within the Canadian association, The Investment Funds Institute of Canada (IFIC), which is based in Toronto. More information at