Prioritising Cybersecurity in Asset Management

The world is more connected than ever, but with this increased connectivity comes a higher risk of cyber threats. In recent times, the financial services sector has seen a surge in cyberattacks, with advisers being a prime target.


At our last PortfolioMetrix Young Adviser Roundtable, we covered the topic of Cybersecurity and learned several worrying statistics, highlighting the urgent need for financial advisers to prioritise cybersecurity.

 

How bad is the problem?
The UK is world-leading (but not proudly): The UK has the dubious honour of having the highest incidence of cyber-attack victims globally, with 4,783 incidents per 1 million people. This figure is significantly higher than the second highest, the United States, which records 1,600 incidents per 1 million people. 

Soaring Cybercrime Costs: In 2022, a staggering £2.5 billion was stolen in the UK due to cyberattacks, a disconcerting 63% increase year on year. These attacks affect not only financial institutions but also smaller businesses and individuals, making it a nationwide concern.

Financial Fraud Dominates: Financial fraud constitutes 39% of all reported crimes in the UK, with 4.6 million cases reported annually. Shockingly, only 2% of the police force is dedicated to addressing this growing issue. It's evident that the financial industry is a hotbed for criminal activity, demanding a strong defence.


Why Cybersecurity Matters for Financial Advisers
Here are some compelling reasons why cybersecurity should be a top priority for all financial advice firms:

  • Trust Is Paramount: Forty-one percent of clients would never return to a business that has been hacked. Trust is a cornerstone of advice and a breach can erode that trust in an instant.
  • It can be terminal: Hiscox says 1 in 6 firms that have been hacked have subsequently gone bust.
  • It takes forever to solve: IBM estimates it takes 287 days from first identifying the breach to fully remedying it.
  • It’s getting more frequent: 46% of businesses report having experienced a breach or attempted breach in the past 12 months. Financial advisers are prime targets due to the sensitive financial data they handle.
  • Protecting Clients from Scams: The FCA has stated that financial crime is one of their biggest focus points. Should we expect new regulations for advisers to follow? Even if we don’t see greater regulation in this area, offering services, such as second-check verification, can be a significant value add for your clients. Anyone can be a victim of financial fraud – don’t assume it’s just the vulnerable. Protecting clients from scams is not just a matter of compliance but a business imperative.
  • Your staff are the first line of defence: You’re only as strong as your weakest link. Make sure all your staff have the required training and give them the confidence to speak up if something doesn’t feel right.

Top tips from the session
  1. 86% of hacks originate from phishing. People get caught out by curiosity, fear or a sense of urgency. Don’t click on that link…
  2. Passwords: don’t use the same one for everything; don’t write them down in a notebook; don’t store them in an Excel spreadsheet; do use one that is at least 12 characters long; use memorable phrases made up of 4 random words; do consider using a password manager.
  3. Two Factor Authentication (2FA) should be the default for all applications
  4. If someone calls you and asks you to go through “security questions” to confirm your identity, never disclose your information.
  5. Never connect to public Wi-Fi – a hacker can create a clone Wi-Fi network masquerading as “Starbucks” or “Gatwick Airport”, which allows them to capture your data (username and password to access a site, online banking details, emails you’re sending) while you’re using it. It’s always better to hotspot off your own mobile phone.
  6. If your business has been hacked, follow this plan: 1) contact the bank to block payments; 2) contact your IT provider; 3) contact your compliance consultant; 4) alert the FCA; 5) inform the Information Commissioner’s Office within 72 hours; 6) contact the police via Action Fraud.

  • Outsourced IT and Cyber Essentials: Advisers should ensure that their outsourced IT partners are well-prepared to handle cybersecurity breaches. 
  • Protection: Cyber insurance is a must-have. It used to be included with business insurance but now has to be bought standalone. 

 

The UK's alarmingly high incidence of cyberattacks, rising costs of cybercrime, and the existential threats posed by breaches should serve as a wake-up call for the industry. Sadly, it's not a matter of if a cyber threat will occur, but when, making cybersecurity readiness an absolute necessity in today's landscape.


Protecting client trust, adopting robust security measures, and staying one step ahead of cybercriminals are essential for any adviser operating in our digital age.


If you need help in this area, I’d be happy to connect you with the relevant resources or people who can help.