By Sid Yenamandra/Entreda

Independent wealth management firms are notorious for talking a good game about cybersecurity while doing frighteningly little to protect sensitive client information. The bottom line is that those poor practices carry hidden risks, threatening the long-term strategic plans of otherwise successful independent broker-dealers and RIAs.

Recent research from multiple sources — including IBM, the Ponemon Institute, and Beacon Strategies — helps fill in the gaps. Taken together, this material shows that wealth management teams vastly underestimate the true cost and consequences of cyberattacks, that firms and their employees are far too lax on recommended protocols, and that they are in dire need of unified cybersecurity tools with a greater focus on the financial advice industry.

WAITING FOR ATTACKS

This revelation lays bare the rampant lack of preparedness for cyberattacks in the wealth management industry. It’s no exaggeration to say that many firms and their employees are literally waiting for a data breach to occur.

But the most surprising discovery is that so few of them realize they don’t have to be in that situation. Affordable, effective and efficient solutions do exist for the financial advice space. Of course, like anyone who wants to break a bad habit, the first step is admitting there’s a problem.

Beacon Strategies estimates that 74% of financial advisors already have been the target of cyberattacks, yet a whopping 64% of employees think cybersecurity is not a priority for their firm.

Additionally, leaders at many firms believe that allocating more time and resources to shoring up cybersecurity is unjustified since their firm has not (yet) suffered a data breach. This reveals a dangerous misunderstanding of what’s at stake.

MILLIONS IN LOSSES

No other industry has been as vulnerable to cyberattacks over the last two years as financial services, according to IBM. And the Ponemon Institute found that the average remediation cost per lost or stolen record in a data breach is $141, factoring in direct expenses such as engaging forensic experts and indirect expenses such as lost customers.

Now consider that a single-advisor practice with five employees may have as many as 400 client records. Basic math suggests that such a practice could lose over $56,000 due to a breach, a seven-advisor RIA with 10 support staff could face over $240,000 in losses and a broker-dealer with hundreds of advisors could lose millions.

REGULATORS GET READY

A common theme among wealth management firms is lax adherence to protocols. Rules from FINRA, the SEC and assorted state regulators, such as those in New York and Massachusetts, ought to be non-negotiable since those entities have made cybersecurity a top concern.

But far too often overlooked are recommendations by the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce. The NIST voluntary framework entails best practices on how to identify cyber threats, detect gaps, protect against attacks, respond to them and recover when compromised. Although all those areas are important, “protection” is the heart of the framework.
