Data breaches ratchet up risks for financial advisory firms

Registered investment advisers and broker-dealers must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in hot water with investors and regulators.

Oct 7, 2017 @ 6:00 am

+ Zoom

Financial advisoryfirms of all kinds have received fair warning that they must strengthen their data security and client identity protocols.

The warning came in the form of the revelation of the huge Equifax cybersecurity breach, the Securities and Exchange Commission breach of 2016, and acknowledgement that the Internal Revenue Service was hacked twice this year — with a February breach exposing the Social Security numbers of at least 464,000 taxpayers. Further, Yahoo revealed that a 2013 security breach exposed information on all of its 3 billion user accounts.

This means that some combination of the names, addresses, passwords, Social Security numbers, birth dates and even driver's licenses and telephone numbers of probably all adult Americans is available for purchase somewhere on the dark web. That in turn means every client of every financial adviser likely is vulnerable to having their assets stolen.

Millions of gateways

It also means hackers have millions of potential gateways through which to access the computer systems of financial firms. Those firms, large and small, will have to continuously step up their cybersecurity efforts, and that will take time and money as the pace and sophistication of cyberattacks are increasing.

Breaches that expose clients' private information, such as was stolen from Equifax, make clients vulnerable to phishing campaigns by hackers. According to the Identity Thrift Resource Center (ITRC) almost half of 2017 hacking attacks involved phishing. Clients might be able to reduce the threat by changing email addresses and passwords, but driver's licenses and especially Social Security numbers remain valid long after a breach.

(More: 7 ways for advisers to help shield clients from Equifax data hack)

Registered investment advisers and brokerages must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in the glare of a cyberbreach spotlight. In particular, they must strengthen their client identification protocols before any transaction is carried out or information given out.

Each company can enhance its value to clients by reaching out to them, explaining how the company is enhancing its cyberdefenses and suggesting steps clients should take to protect themselves.

Through June 30, there were 791 cybersecurity breaches in 2017 that exposed more than 12,389,462 records, before the revelation of the Equifax breach, according to the ITRC and CyberScout, which track such attacks. The number of breaches was up 29% over the same period in 2016. During all of 2016, the number of breaches increased 40% over 2015.

The Equifax breach, because it exposed Social Security numbers and driver's license numbers, along with other personal data of 145 million consumers, was likely the most damaging, as it provided hackers with potential tools with which to access those victims' financial accounts.

The effects of this breach will likely be felt for many years as hackers slowly make use of the information gleaned from the Equifax files. For that reason, financial institutions will have to step up their client verification practices so they do not inadvertently hand client assets over to scammers.

New threats are constantly emerging. What was a solid defense last year might well be a porous one this year. Companies will have to constantly upgrade the defenses of their computers and constantly retrain their staffs on cybersafety practices. According to ITRC, employee error or negligence, or improper disposal of files, was responsible for 9% of data exposure in the first half of 2017. The good news is that figure was down from the same period in 2016.

No company wants to suffer a breach exposing client information, or a loss of client assets. Customers stop doing business with a breached company. According to the Ponemon Institute, a cybersecurity research organization, companies suffer a 7% loss of customers after a breach is reported. For public companies, the stock price drops 5% the day the breach is reported.

This will be an ongoing battle. It will not be "one and done."


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

Apr 30


Retirement Income Summit

Join InvestmentNews at the 12th annual Retirement Income Summit - the industry's premier retirement planning conference.Much has changed - and much remains to be learned. Attend and discuss how the future is full of opportunity for ... Learn more

Featured video


3 tips when hiring millennials

Advisers want to add young talent, but ask if they want to add millennials and most will begin to squirm. Hunter Hart, and Marc Schliefer of Equity Planning Inc. disspell some myths and misconceptions of hiring millennials.

Video Spotlight

The Search for Income

Sponsored by PGIM Investments

Recommended Video

Path to growth

Latest news & opinion

T. Rowe Price steps up its game to serve financial advisers

The Baltimore-based mutual fund giant is more aggressively targeting financial advisers with a beefed-up wholesale crew and placement on custodial platforms.

The most important tax changes for 2018

The Internal Revenue Service issued inflation adjustments to more than 50 tax provisions for 2018.

Shift to Roth 401(k)s 'highly likely' part of tax reform: former Treasury official Mark Iwry

Mandated contributions to Roth accounts would likely only be partial, as opposed to having a full repeal of pre-tax accounts.

E*Trade acquiring custodian Trust Company of America

Discount broker buying second-tier custodian for $275 million.

Another thousand Dow points higher, and investors yawn

Market milestones keep falling like dominoes, with 51 records broken so far this year.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print