Since October is National Cybersecurity Awareness Month, this is a good time to reflect on the many high-profile security breaches that have made headlines this year.
Yahoo announced that the security breach it suffered back in August 2013 compromised every single one of its customer accounts. Up to 143 million Americans may have had their sensitive financial information compromised when Equifax was hacked. A detailed forensic analysis undertaken by the Securities and Exchange Commission (SEC) found that information was compromised when the regulator’s EDGAR system was hacked. The WannaCry cyber-attack caused global panic in May, and it was quickly followed by another international cyber-attack, which first hit computer systems in Ukraine and then spread to the U.S. and other countries.
That’s quite a list. In light of these jolting events, the most productive way for financial services and other highly regulated firms to observe National Cybersecurity Awareness Month is to ask themselves if they can answer “yes” to the question, “Are you doing all you can to protect your data properly?”
It’s no secret that cyber-attacks continue to become more sophisticated, and expansive. This past June, an international cyber-attack that first hit computer systems in Ukraine quickly spread to the U.S., Denmark, Australia, and other countries. That attack occurred only a month after the WannaCry cyber-attack caused panic around the world.
Colorado is on track to become the first U.S. state to mandate broker-dealers and fund managers to follow certain procedures to minimize the risk of data breaches by cyber-criminals. This development comes on the heels of New York’s cybersecurity requirements for banks, insurance companies, and other financial institutions regulated by the New York State Department of Financial Services, which went into effect this past March.
In light of the global WannaCry cyber-attack, the rising number of advisors breaking away from wirehouses need to place cybersecurity at the top of their list of priorities as they build their practices.
Approximately 65 advisory teams and individuals departed from wirehouses, established RIAs or independent broker-dealers last year, more than triple the number of breakaways in 2013, according to data from DeVoe and Company. The firm attributes this ongoing breakaway surge to the expiration of the many forgivable loans that wirehouses signed in order to retain or add advisors during the financial crisis of 2008-2009. Now that seven years has passed, and these loans are coming due, the advisors who were given these financial packages are considering their options.
Clients will appreciate that better tech makes them safer, and you more efficient.
All told, wirehouse brokers managed more than $6.3 trillion in client assets at the end of 2015. In the independent channel, there are more than 120 RIAs that each manage at least $1 billion in assets and nearly 300 RIAs each managing between $250 million and $1 billion in assets.
If your firm is like most modern wealth management firms, you use software from several different vendors. Portfolio managers, custodians, business administration and cloud computing providers, just to name a few.
So how confident are you that your client data is safe in the hands of all those other companies? All it takes is one cyber breach at a vendor – or a company the vendor contracts with – to put your firm at risk.
“Software as a Service,” or SaaS, is fast becoming a standard model for RIAs and broker-dealers. There are vast advantages to allowing a vendor to host an application for customers to access through the Internet. Speed, scale and cost-effectiveness are among the greatest benefits of SaaS.
On the other hand, vendors vary wildly in resources and reliability. In the age of rampant cyber crime, wealth management firms must exert vigorous due diligence on all vendors. Here are 10 questions to ask when shopping around.