Cyber criminals steal billions of dollars a year from financial firms. Financial advisors – and their clients – are at risk as attacks increase and grow more complex, according to security experts.
“Advisors have one thing the bad actors want, and that’s money,” said Brian Edelman, chief executive of FCI, a cybersecurity firm specializing in financial services. “They’re the gatekeepers to a lot of money.”
Registered investment advisors, or RIAs, manage more than $4.7 trillion in client assets — about a fourth of all assets under management, according to TD Ameritrade. By 2022, that figure could grow by $1.4 trillion, according to the firm.
In addition to being a central repository for customer money, financial firms are attractive to scammers due to their valuable customer data, according to a White House Council of Economic Advisers report, which found that cybercrime cost the U.S. economy between $57 billion and $109 billion in 2016.
The finance sector, both public and private, suffered the largest number of security breaches relative to other industries that year, according to the White House analysis.
It could have gone a very different direction because the quality of the fake was quite, quite good.
founder of Inspired Financial
Investors don’t often ask about their financial planner’s cyber protocols, said Evelyn Zohlen, a certified financial planner and founder of Inspired Financial in Huntington Beach, Calif. Yet inquiring about protective measures should be on each client checklist.
“They should care because by the time there’s been an incident and they’re asking, it’s too late,” she said.
Here are five important questions investors should ask current and prospective financial advisors about their cyber protections, according to Edelman:
• What would you do if you have a security incident involving my confidential information?
• How do you protect my data?
• How can you show that you are in compliance with cyber regulations?
• Do you have cyber insurance?
• Do you have a third party validating that you are secure?
These points are either cyber requirements or recommendations from financial regulators like the SEC and Financial Industry Regulatory Authority, Edelman said.
Investors should ask for proof that advisors can demonstrate or justify their answers, Edelman said. They should also take note of their client experience — for example, whether they receive encrypted e-mail messages and need multi-factor authentication to access the client portal, he said.
“There are two kinds of financial services firms: those that have faced a cyberattack and those that will,” according to the consulting firm PwC.
Almost half of companies experienced some type of financial fraud in the past two years, cybercrime being the most prevalent, according to a recent poll of 5,000 global firms by PwC. About 1 in 10 companies lost more than $50 million. Just 56% investigated the incident.
Zohlen might have inadvertently wired $80,000 of client money to scammers this fall if it weren’t for cyber controls instituted at the firm.
“It could have gone a very different direction because the quality of the fake w