Hedge Funds Ramp Up Cybersecurity Spending After Wave of Breaches
Eight in 10 hedge funds and other investment firms increased their cybersecurity spending in 2025, as the industry confronts a rise in digital threats and security incidents, according to a report released Tuesday by the Hedge Fund Association and SeaGlass Technology.
Hedge Funds Ramp Up Cybersecurity Spending After Wave of Breaches
Eight in 10 hedge funds and other investment firms increased their cybersecurity spending in 2025, as the industry confronts a rise in digital threats and security incidents, according to a report released Tuesday by the Hedge Fund Association and SeaGlass Technology.
The report, based on a survey of 400 executives including hedge fund managers, institutional investors, and industry service providers, highlights how cyber risk has become a central concern for firms managing vast amounts of capital and sensitive data.
Breaches and Phishing Drive Concern
About half of the firms surveyed said they experienced a cybersecurity breach within the past 12 months, underscoring the scale of the challenge despite increased investment in security tools and controls.
Phishing was identified as the top cybersecurity concern, cited by roughly two-thirds of respondents. These attacks remain a favored tactic for cybercriminals because they exploit human error rather than technical weaknesses.
Third-Party Risk Under Scrutiny
Roughly half of respondents said cybersecurity incidents were linked to third-party vendors or service providers. As investment firms rely more heavily on external technology partners, weaknesses outside their direct control have become a growing source of risk. This trend mirrors broader concerns across industries, where interconnected systems and outsourced services have expanded the potential attack surface for bad actors.
Looking ahead, firms plan to further increase cybersecurity spending over the next 12 to 24 months, with a focus on strengthening resilience and reducing the impact of future incidents. Key priorities include incident response capabilities, advanced threat detection, cloud and endpoint security, and identity and access management to better protect systems and data.
A Persistent Target for Cybercriminals
Cybersecurity has steadily risen on the agenda for hedge funds and other investment firms in recent years. While the sector is among the most heavily regulated, its control over large pools of capital makes it an attractive target for cybercriminals.
The report suggests that although firms are taking more proactive steps, the high rate of breaches shows the threat landscape continues to evolve, requiring ongoing investment and attention at the highest levels of the organization.
