Back To Insights

Due Diligence Matters - April 2026 Bulletin

About perfORM Operational Due Diligence

perfORM is an award-winning, international (UK, Switzerland, USA and UAE) and standalone Operational Due Diligence solutions provider with 150+ years of collective ODD experience. 

The ‘ORM’ in perfORM stands for Operational Risk Mitigation. 

Our clients are global and diverse, including Investment Managers, Allocators (e.g., Family Offices/Multi-Family Offices, Private Banks, Wealth Managers, Funds of Funds, Asset Managers, Pension Funds, Endowments, Foundations), Third Party Service Providers and Sports Teams.

Cybersecurity Considerations

 The increasing severity and frequency of cyber threats emphases the need for enhanced cybersecurity measures. Cybersecurity in financial services is critical to protect sensitive data, prevent financial losses, and maintain trust amid increasingly sophisticated cyber threats and this makes them prime targets for cybercriminals.

The various types of cyber security in financial services are crucial for organizations in the sector and each type of cybersecurity will serve a different purpose to ensure that weaknesses are addressed.

  • Network Security:  This domain of protection involves practices that prevent unauthorized access to secure data communication within a network, such as firewalls, intrusion detection systems, and virtual private networks.
  • Application Security:  This aspect of security is very important for financial institutions that depend much on various applications to run their activities.
  • Information Security: Basically, information security is the process of protecting the integrity and privacy of data- whether in motion or at rest- by adopting techniques such as data encryption, data masking, and access controls.
  • Operational Security: Operational security concerns the settings and practices of user permissions as well as how and where data can be placed or shared.
  • Disaster Recovery and Business Continuity: This will ensure that in the event of a disaster or accident, systems will be available with minimal delay.

Just as critical as the security measure above, so is employee education and awareness programs ensuring that employees are trained on cyber threats, safe best practices online, and the significance of data protection. Phishing exercises and regular cyber training enable individuals to be prepared to recognise and handle cyber threats.

Furthermore, as threats and attempts to breach security measures are increasing and evolving, it is vital that institutions undertake regular security audits and penetration testing. These frequent assessments of security infrastructure may uncover vulnerabilities through simulating real-world attacks and evaluate the effectiveness of security measures. Generally, cybercriminals exploit known vulnerabilities found in outdated software; thus, regular updates are key to maintaining an up-to-date and strong security environment.

During recent operational due diligence engagements, we have continued to observe an increase in both the frequency and impact of cybersecurity incidents across asset managers. In one recent review, an investment manager experienced a cyber‑attack that prompted an external forensic investigation. The analysis concluded that the incident was not targeted and resulted in no data loss, but the threat remains real. 

We have also observed incidents where employee phishing attacks led to cybersecurity breaches. In one example, an employee inadvertently compromised credentials following a phishing email. While the incident was assessed as minor, it reinforced the importance of regular staff training, escalation protocols, and incident response readiness as phishing techniques continue to evolve.

perfORM’s ODD Report Solution

perfORM’s ODD Report Solution is not just another tick in a box, it is a fast growing and innovative approach to operational due diligence. A pragmatic solution for investment managers and service providers which engage us to complete an ODD review.

We believe in operational excellence, doing things ‘the right way’ and holding ourselves accountable for delivering institutional-grade asset management. Working with perfORM to review our processes thoroughly is key to ensuring our investors have independent insight, understanding, and confidence in how we manage their assets. We appreciate the perfORM team’s forensic review of our documentation and processes and look forward to collaborating again” – Investment Manager ODD Report Solution client

Contact perfORM to discuss ODD support or to receive a sample ODD report.

You can also read our March bulletin edition and watch our new video which introduces perfORM and each of our of core ODD services.

View previous ODD reports