Vendor Referral Fees – An Inherent Conflict of Interest When It Comes to Cybersecurity

Referral Fees

You may be surprised to find out that your IT Managed Service Provider is receiving a kickback for referring your cyber vendor. While there are many referral-based incentives between various vendors supporting the Hedge and Alternatives industry, incentives between a cyber vendor and a client’s IT Managed Service Provider are an inherently bad practice.  As your primary data vendor, the security of your IT MSP is critical. Consequently, the most critical component of a cybersecurity regulatory assessment in support of hedge and PE is the need for an independent, unbiased security audit directed against the operations supported by the organization’s IT MSP. However, imagine the conundrum a cyber vendor might encounter if they have to provide a bad report against the IT MSP. Most likely, it will hurt the relationship and surely prevent future referrals for their other clients. However, very few managers realize the potential risk this represents.  In response, it is critical to ask your cybersecurity vendor if they take or provide vendor referral fees. While not technically illegal, it’s a potential risk that every manager should be aware of, if the answer is “yes”. Of note, for this very reason, BW Cyber Services will never take or provide vendor referral fees – without exception.  For more information on how BW Cyber Services can assist you, please contact us at


To learn more about vendor referrals and their possible impacts, check out: