We are committed to combating the various cyber threats that continue to impact the financial services industry.
The impacts of the Covid-19 crisis put our operational resilience to the test like never before. Having been fully operational throughout the pandemic, we have demonstrated remarkable resilience, and technology has played a critical role in delivering a positive colleague and client experience.
In response to the continued heightened risk to cyber security as a result of the pandemic, we have implemented a number of initiatives to further protect against the potential leakage of sensitive data:
- Our technology environment is continually maintained and subject to regular testing, such as penetration testing, vulnerability scans and patch management
- Technology processes and controls are upgraded where appropriate to ensure ongoing technology performance and resilience
- An externally managed security operations centre supplies ICG with skilled security experts and technology to proactively detect and prevent potential threats and to recover from security incidents, including cyberattacks
- We have increased our phishing tests globally and carried out a cyber scenario exercise designed to strengthen incident preparedness and business continuity plans
The risk of cyber attacks continues to rise and we take the protection of our data, and that of our clients, very seriously. With Board oversight of the issue, we invest heavily in minimising cyber risk, ensuring we have robust processes in place, both internally and with our IT providers, to maintain focus and continuously improve our performance.
Julien Rawle, Head of Cyber Security, ICG
Case study
European Corporate portfolio companies
Our cyber work continued this year with systematic external cyber risk assessments and enhanced cyber assessments pre- and post-deal, along with specific deep dives and support for selected portfolio companies.
We have also systematised our cyber risk monitoring process around new deals and our governance approach:
- Pre-investment:
  - Systematic cyber due diligence is conducted for all new deals
  - We conduct a mandatory internal cyber audit
- Post-investment:
  - Ensure each portfolio company nominates a dedicated cyber head to liaise with the board and ensure progress against objectives and KPIs
  - Enhance transparency on risk detection with dedicated Board sessions on cyber
  - Encourage staff cyber training due to the importance of behavioural factors
  - Repeat cyber audit every 18-24 months to monitor progress