NYAIR Episode 25
Cybersecurity: What the Buyside Needs to Know
In this vital NY-AIR episode, Russell Sommers (Senior Manager, Baker Tilly) shares essential insights for asset managers, allocators, and financial leaders on the frontlines of cybersecurity risk. Get practical, board-level frameworks for threat prevention, third-party risk, phishing, ransomware, regulatory expectations, and disaster recovery. For firms navigating complex vendor relationships, audit requirements, and increasingly relentless cybercrime, this conversation offers real-world tools and reassurance.

Featured Guests

Russell Sommers
Senior Manager, Baker Tilly; Cybersecurity & IT Risk Specialist
Russell Sommers brings more than a decade of experience in public accounting, IT controls, and cybersecurity—advising financial institutions, insurers, and highly regulated businesses on defense, detection, compliance, and vendor risk. He leads projects in information security consulting, regulatory compliance, internal and IT audit, risk assessment, vendor and enterprise risk management, and brings a pragmatic lens to executive and board-level cyber strategy and oversight.
Key Insights From This Episode
Cybersecurity is About Fundamentals, Not Hype
While technology changes fast, most breaches trace back to basic failures: weak or absent controls, poor user training, flat networks with no segmentation, and software patches that were never applied.
Third Party (Vendor) Risk is an Asset Manager’s Achilles Heel
Outsourced relationships (fund accounting, administration, technology, payroll and other service providers) give attackers additional entry points into a firm. Annual due diligence, review of the vendor's SOC 1 or SOC 2 report, and regular re-validation are essential for any vendor that touches money movement or sensitive data.
Regulatory Scrutiny Intensifies
From the New York Department of Financial Services to the SEC, the FFIEC agencies, and the CFTC, regulators expect substantive cyber programs: rigorous risk assessments, documented internal controls, user education, and incident response plans that are ready to execute.
The Number One Attack Vector: Phishing (and Social Engineering)
Of all threats, phishing remains the most common. Old tricks like payroll diversion (a spoofed employee asks HR or payroll to change their direct-deposit details) and fraudulent emails requesting a payment drain millions, especially when attackers build a credible pretext from details found on public websites or social media.
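As an added illustration of the payroll-diversion pattern described above (example code written for this page, not material from the episode or from Baker Tilly), the script below applies the kind of header and content heuristics a mailbox rule or SOC triage script would use: a known employee's display name arriving from an outside domain, a lookalike sender domain, a Reply-To pointing somewhere other than the sender, and banking-change language in the body. The firm domain, staff list and three sample messages are constructed for the example.

```python
"""Heuristic triage of payroll-diversion / money-movement phishing (added example)."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Assumptions for this example: the firm's own mail domain and the lower-cased
# display names of staff who are frequently impersonated.
INTERNAL_DOMAIN = "example-fund.com"
KNOWN_STAFF = {"jane doe"}
PAYROLL_KEYWORDS = ("direct deposit", "payroll", "bank account", "routing number", "wire")


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(raw: bytes, known_staff: set[str]) -> list[str]:
    """Return the list of heuristics that fired for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    reasons = []

    # 1. Display name of a known employee, but the sender is not our domain.
    if name.strip().lower() in known_staff and from_dom != INTERNAL_DOMAIN:
        reasons.append(f"display-name spoof: '{name}' sent from {from_dom}")

    # 2. Sender domain is one edit away from ours (e.g. a dropped letter).
    if from_dom and from_dom != INTERNAL_DOMAIN and _edit_distance(from_dom, INTERNAL_DOMAIN) <= 1:
        reasons.append(f"lookalike domain: {from_dom}")

    # 3. Replies are routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        reasons.append(f"reply-to mismatch: {_domain(reply)}")

    # 4. Banking / payroll change language in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    hits = [k for k in PAYROLL_KEYWORDS if k in text]
    if hits:
        reasons.append("payroll keywords: " + ", ".join(hits))
    return reasons


def is_suspicious(raw: bytes, known_staff: set[str]) -> bool:
    """Escalate only when a money-movement ask coincides with a sender anomaly."""
    reasons = triage(raw, known_staff)
    money_ask = any(r.startswith("payroll keywords") for r in reasons)
    sender_anomaly = any(not r.startswith("payroll keywords") for r in reasons)
    return money_ask and sender_anomaly


# Constructed sample messages (not real mail).
SAMPLE_SPOOF = b"""From: Jane Doe <jane.doe.cfo@gmail.com>
Reply-To: payroll-desk@mailer-example.net
To: payroll@example-fund.com
Subject: Update to my direct deposit

Hi, please update my direct deposit to the new bank account below before Friday's payroll.
"""

SAMPLE_LOOKALIKE = b"""From: Jane Doe <jane.doe@example-fund.co>
To: accounts@example-fund.com
Subject: Urgent payment

Please wire the pending invoice today, I am travelling and cannot call.
"""

SAMPLE_LEGIT = b"""From: Jane Doe <jane.doe@example-fund.com>
To: payroll@example-fund.com
Subject: Lunch Thursday?

Are you free Thursday for lunch?
"""

if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("lookalike", SAMPLE_LOOKALIKE), ("legit", SAMPLE_LEGIT)):
        print(label, is_suspicious(sample, KNOWN_STAFF), triage(sample, KNOWN_STAFF))
```

The point of the final gate is the one the episode makes about fundamentals: a keyword alone produces noise (payroll staff legitimately discuss direct deposit all day), and a sender anomaly alone is common, but the two together are exactly the payroll-diversion shape and warrant an out-of-band phone call before any bank detail is changed.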
Incident Response and Recovery Planning Save Firms
Even with strong defenses, breaches happen. Having a robust, practiced, tested incident response and disaster recovery plan lets firms recover quickly, avoid regulatory sanctions, and limit reputational fallout.
The Real Enemy is Fatigue—Continuous Training Wins
Cyber risk is a human game. Effective defenses are built around ongoing, adaptive training, simulated phishing tests, and a security-aware culture, not just software.
Access the Full Conversation
Listen to the full episode and download an insights deck with practical checklists, sample controls, and board-room essentials. Every asset manager, CFO, and risk leader gets value from Russell Sommers’ pragmatic and actionable frameworks.
Soundbites Worth Saving
“Cybersecurity isn’t complicated: segregate your networks, patch your software, train your people—over and over.”
— Russell Sommers
“The most damaging attacks are the simplest: fake emails to move money, prying on knowledge from social media, or just taking advantage of untrained staff.”
— Russell Sommers
Shape the Future of Alternatives With Us
The New York Alternative Investment Roundtable brings together the brightest minds in finance—Nobel laureates, industry disruptors, Fortune 1000 executives, and leading fund managers. By joining as a member, you gain access to premium events, exclusive insights from our podcasts, and direct connections with the decision-makers shaping global markets.
Your seat at the table is waiting.
