On February 4 and 11, 2021, Robin L. Barton of the Hedge Fund Law Report published a two-part article on the risks of business email compromise scams:

Eleven Lessons From Cyber Hack That Forced an Australian Hedge Fund to Close

The article features a lengthy interview with Avi Gesser, a partner in the Debevoise Data Strategy and Security Practice, during which Avi discusses the following 11 lessons from a recent cybersecurity attack on a hedge fund:

  • 1: Private Funds Are Attractive Targets
  • 2: Business Email Compromise Is a Successful Strategy
  • 3: Cyber Criminals Are Smart – and Learning
  • 4: Remote Work Has Heightened Cybersecurity Risks
  • 5: Relying on Spotting Red Flags Is Not the Best Approach
  • 6: Robust Policies and Procedures Are Effective – and Give Employees Cover
  • 7: Anything New Should Be Scrutinized
  • 8: Culture Can Undermine Strong Policies and Procedures
  • 9: Incidents Should Be Used in Cybersecurity Program Reviews
  • 10: Third-Party Cybersecurity Matters, Too
  • 11: Investors and Regulators Care About Cybersecurity

A full copy of the article is available here.

To subscribe to the Data Blog, please click here.


Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.