Sales at Acquisition
IQ-EQ’s Cybersecurity Strategy
As an investor services company, IQ-EQ is very concerned about protecting client confidentiality and managing the associated risks with respect to cyber security.
As part of its overall Cybersecurity Strategy it has recently completed a number of key actions:
- Following a series of recent acquistions, the Group engaged a leading consultant to undertake a comprehensive review of its cybersecurity arrangements, which helped to identify areas for futher enhancement and a clear “road map” for the ongoing development of the Group’s Information Security Management Systems.
- Since then, IQ-EQ has recruited a new Chief Information Security Officer to work with the existing InfoSec.
- Separately, the Group has continued to build out its Internal Audit capability to perform regular independent testing of the Group’s cybersecurity arrangements.
- The company follows KPIs on cybersecurity risks at Group level (e.g. the number of malwares neutralised or the number of phishing attempts). They are regularly reported to the Information Security Committee. In 2018, the company’s mail filtering technology stopped and/or quarantined a total of 1.9 million inbound emails including 654 containing harmful viruses and 2,457 with malicious URLs embedded (i.e. phishing attempts).
- All Information Security Management Systems are developed in accordance with the ISO 27001 guidelines. Three of the Group’s major locations, Luxembourg, Mauritius and the Netherlands, hold ISO 27001 accreditation (among 23 locations in total), with a plan to bring further jurisdictions formally into the ISO27001 regime in due course.
- All employees receive regular information security training, either face to face or via the Group’s e-learning management systems.
2018 has been a busy period of acquisitions for IQ-EQ. It has been challenging to implement our Cybersecurity Strategy across all acquired businesses; however we have made great progress in this regard. To date the implementation of this strategy has had very positive side-effects as it has enabled us to respond efficiently and in detail to any RFP and due diligence requests we receive, which we see is fast becoming of increasing importance to our clients. David WildGroup Chief Risk Officer at IQ-EQ