Overview
For nearly 20 years, ICI has actively engaged with members, regulators, law enforcement, and other stakeholders—both domestic and global—on cybersecurity issues and experiences. By employing a broad strategy of committee sessions, events, public and private collaboration, and relationship building, ICI has constructed the most comprehensive, member-driven approach to cybersecurity of any association worldwide. As a result, ICI has become the leading voice on cybersecurity advocacy for the mutual fund industry.
Among a variety of activities, ICI has developed strong member forums through domestic and global information security committees where members can exchange ideas, learn of current threats and trends, and discuss unique elements of information security for mutual funds. Throughout the years, ICI has collaborated with members to develop custom benchmarking, which aids in assessment of cybersecurity readiness, and has taken that work to associations across the globe. These efforts are the only instance of benchmarking solely for the mutual fund industry. In addition, ICI staff has built extensive private-public relationships that bring a broad level of subject matter expertise and information to the members, aiding their work in protecting information.
ICI Contact List
News & Publications
News & Publications
ICI: Mutual Funds Have Helped Middle Class Families Secure Their Financial Futures
Palm Desert, CA; March 23, 2023—The Investment Company Institute (ICI) concluded its annual Investment Management Conference this week, after convening senior regulatory officials and industry leaders for a robust discussion of the issues facing asset managers today. In his address before the conference, ICI’s CEO and President Eric Pan emphasized the historic success of mutual funds to help Americans achieve their savings goals and the impact on everyday Americans of pending regulatory measures, such as the SEC’s mandatory swing pricing and fund names proposals. “For the great majority of...
Working to Ensure Funds Can Maintain Vital Services
On Friday, I wrote about a critical problem emerging throughout the nation as states issue “shelter-in-place” orders in response to the COVID-19 pandemic: the need to ensure that key personnel of mutual fund sponsors and service providers are deemed “essential workers” and thus permitted to report to work to maintain security and services for fund investors. Over the weekend, two key developments offered some hope that state governors will hear our message and provide the needed relief from their shelter-in-place orders: Treasury Secretary Steven M. Mnuchin issued a memorandum for the...
During COVID-19 Crisis, Fund Company Staff Are Essential
In just a few hours on March 19, two of America’s largest states—California and Pennsylvania—ordered their 52 million residents to “shelter in place” to help limit the spread of COVID-19. The state of New York, with 20 million residents, followed suit today. Many other jurisdictions are considering issuing similar strict limits on personal movement. As governments consider extending these orders, they must include staff of fund companies among the “essential” workers who qualify for an exemption. Fund company staff are very much part of the country’s critical infrastructure—providing essential...
Research & Statistics
Research & Statistics
2025 ICI Operational Resiliency Tabletop Exercise -Service Provider Disruption: After-Action Report
The 2025 ICI Operational Resiliency Tabletop Exercise, simulated a prolonged outage at AlphaPrime Trust Company caused by its fourth-party vendor, CoreDataX. The disruption affected critical processes such as trade matching, settlement, and client reporting, engaging 42 firms and over 50 participants to examine fourth-party risk and strengthen resilience beyond traditional cybersecurity concerns.
ICI Cyber Industry Tabletop Exercise 2024: After-Action Report
The asset management industry relies on a complex web of service providers, creating layered outsourcing models that include fourth-party vendors. The 2025 ICI Operational Resiliency Exercise, hosted by Charles Schwab, tested industry response to a fourth-party outage at AlphaPrime Trust caused by CoreDataX. The simulation engaged 42 firms to address cascading risks from complex outsourcing and strengthen resilience beyond cybersecurity.
The asset management industry faces an escalating battle against cybercriminals employing increasingly sophisticated tactics. From state-sponsored attacks to ransomware-as-a-service (RaaS) platforms...
Additional Resources
Large-scale cyberattacks are the most prominent threat to financial services. As such, Investment Company Institute (ICI) members have long taken cybersecurity seriously. Client, customer, and employee data and privacy are of the utmost importance—whether addressed through:
- public-private partnerships,
- ever-evolving security policies and procedures,
- security training,
- information sharing networks, or
- constant monitoring and vigilance.
ICI contributes to the multilayered security approach of its members’ cybersecurity preparedness by offering multiple complimentary initiatives. This includes peer-to-peer engagement, security benchmarking, facilitating relationships with law enforcement, key security vendor presentations, and much more.