shutterstock_165448370 2.jpg


For asset owners and their gatekeepers, cybersecurity has become a top operational due diligence priority.

Cybersecurity is, however, a technically complex, rapidly changing area. Cyber also falls outside the traditional ODD competencies of accounting, operations and legal.

In Castle Hall’s discussions with asset owners, we have heard new concerns around cyber:

  • Beyond the basics, how do I know which cyber questions to ask - and what do I make of the responses?
  • How do I assess, manage and monitor cyber risks across my portfolio of external managers?
  • As an asset owner, what actions should I take with external managers who have higher cyber risk?
CyberSecurityDiligence answers these questions. Designed by Castle Hall’s tech team, CyberSecurityDiligence offers a practical, independent solution to support asset owner due diligence.
A standard OpsDiligence review includes a range of cyber questions - Castle Hall asks whether there is a cybersecurity policy, if the asset manager conducts penetration and phishing tests, what are cyber training procedures and, of course, whether the asset manager has been compromised by a cyber event.
CybserSecurityDiligence goes into much greater depth, considering more than 150 cyber risk factors. Our cyber risk evaluation tool, available below, outlines Castle Hall's scope and evaluation criteria when conducting a cyber diligence review.
As always, Castle Hall's independence enables asset owners to access effective and objective evaluation of cyber risks. Unlike technology vendors, Castle Hall is never in the position of conducting diligence on an external manager who is already a tech client, and the diligence process is never motivated by a desire to sell an external manager follow on tech services.


A practical solution empowering asset owners to oversee external manager cybersecurity risks.

Download the Cyber Risk Management Evaluation Tool.


Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems. Nowhere is this more visible than in financial markets.

Leveraging Castle Hall’s decade of operational due diligence experience and award-winning due diligence platform, DueDiligenceProfesional™, CyberSecurityDiligence helps investors evaluate the cybersecurity preparedness of asset managers within their portfolios.

  • Detailed CyberSecurityDiligence of individual managers – or a full portfolio
  • Ongoing CyberSecurityDiligence monitoring

Each CyberSecurityDiligence review includes:

  • Initial external manager cybersecurity environment assessment across more than 150 risk factors and data points
  • Preparation of a comprehensive diligence report including our overall CyberSecurityDiligence assessment
  • Quarterly updates to manager data, including monitoring flags across 10 cybersecurity data categories

Learn More About CyberSecurityDiligence

Contact us to learn more about our innovative cybersecurity due diligence services.

Contact Us
cyber - ipad + iphone