As global finance steadily embraces the tokenisation of assets, a quiet but pressing debate is unfolding: can the infrastructure underpinning these digital tokens withstand the ever-growing tide of cyber threats?
The promise of tokenisation – fractional ownership, faster settlement, broader access to investment products – has captured the imagination of banks, asset managers and regulators alike.
Yet, respondents to the survey expressed an undercurrent of concern: nearly half of asset managers who don’t offer a tokenised fund (48%) ranked cybersecurity resilience as their top criterion when considering tokenised platforms.
While 49% of asset managers chose cyber security resilience as one of their top three criteria for selecting a digital assets services providers, 63% of asset owners selected cyber security resilience as one of their most important criteria for selecting a crypto assets service provider (or provider of tokenised services).
In other words, the future of tokenisation may hinge less on its technological ingenuity and more on its ability to defend against the cyber battlegrounds of tomorrow.
Tokenisation is often heralded as the next great leap in capital markets. Advocates argue it can unlock liquidity, simplify cross-border settlement, and open new product lines.
But unlike the traditional financial infrastructure, where decades of regulatory oversight and institutional resilience are in place, tokenised systems represent new terrain.
Our survey found that while 52% of asset managers who don’t offer a tokenised fund pointed to investor demand as a key driver for tokenisation. Asset owners, meanwhile, expressed concerns around data security, transparency of authority and resilience consistently in their responses.
Why Cyber Resilience Matters
Cyber resilience goes beyond preventing hacks. It is about ensuring continuity of operations, protecting investor confidence and maintaining regulatory compliance in the face of sophisticated attacks.
Consider the potential attack vectors:
Smart contract vulnerabilities could allow malicious actors to drain funds or manipulate transactions.
Distributed denial-of-service (DDoS) attacks could halt trading activity on tokenised platforms.
Insider threats may compromise private keys, jeopardising asset custody.
For institutional investors, these risks are not abstract. The collapse of major crypto exchanges in recent years – often triggered or worsened by security breaches – has heightened sensitivity. Unlike retail-driven crypto markets, tokenised assets are being positioned squarely in the institutional sphere. Here, a single breach could erase billions in value and devastate trust in the ecosystem.
Building Digital Trust
The survey results point to another revealing trend: security is not just about defence, but also about trust-building. Questions probing the role of tokenisation in expanding market access often came with qualifiers around “security and transparency”.
A respondent’s comment noted that providing “more security and access to products” was integral to convincing both regulators and investors.
Another argued that “data security and transparency of authority” would determine whether tokenisation grows into a permanent pillar of capital markets or remains a niche experiment.
Trust, in this sense, has two dimensions:
- Technical trust — confidence that systems are resilient to cyberattacks.
- Institutional trust — confidence that regulators, custodians and platforms can enforce accountability.
Both are interdependent. Without secure technical foundations, institutional oversight loses credibility. Without institutional clarity, even the most advanced cybersecurity systems cannot attract wary investors.
Regulators Tighten Their Grip
Regulators are increasingly alive to these issues. Across Europe, the Digital Operational Resilience Act (DORA) aims to set a new bar for financial institutions, ensuring they can withstand, respond to, and recover from ICT-related disruptions. For tokenised assets, DORA is not just a compliance hurdle — it may become a blueprint for operational legitimacy.
Survey responses hint that managers are already bracing for this shift. Several highlighted regulatory clarity on cyber resilience as a deciding factor in their willingness to launch tokenised funds.
The challenge is that cyber threats evolve faster than most institutions can adapt. Nation-state actors, ransomware groups, and increasingly sophisticated AI-powered attacks pose risks not just to crypto exchanges but to the tokenised assets ecosystem itself.
Tokenisation introduces new complexities that hackers are eager to exploit. For example, the immutability of blockchain — a core feature — becomes a liability when a breach occurs. Unlike in traditional finance, reversing or correcting fraudulent transactions is far more complex.
To counter this, firms are investing in:
Zero-trust architectures, ensuring no user or process is automatically trusted.
Quantum-resistant cryptography, preparing for a future where quantum computing could crack current encryption.
AI-driven monitoring, capable of detecting anomalies in real time.
But investment alone won’t suffice as cyber resilience isn’t just product you can buy: it’s also a culture that requires to be built out.
Conclusion
The survey’s data should serve as a wake-up call. While investor demand and the appeal of new distribution models remain strong, the success of tokenisation may ultimately hinge on resilience. If platforms cannot guarantee cybersecurity at institutional-grade levels, adoption could stall.
Conversely, firms that embed cyber resilience into their core offerings could unlock a first-mover advantage. By combining efficiency gains with unshakeable trust, they can capture the confidence of both regulators and investors.
The tokenisation of assets represents a financial revolution in the making, but revolutions are fragile. Our survey makes plain that cybersecurity resilience is not a side issue, but the very foundation on which this new financial architecture must be built.
Tokenisation may change how capital markets operate. Whether it succeeds will depend on whether it can withstand not just today’s threats but the unpredictable shocks of the future.
The Funds Europe-Caceis report into tokenisation can be viewed by following this link.
