Data breaches ratchet up risks for financial advisory firms

Registered investment advisers and broker-dealers must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in hot water with investors and regulators.

Oct 7, 2017 @ 6:00 am

Financial advisoryfirms of all kinds have received fair warning that they must strengthen their data security and client identity protocols.

The warning came in the form of the revelation of the huge Equifax cybersecurity breach, the Securities and Exchange Commission breach of 2016, and acknowledgement that the Internal Revenue Service was hacked twice this year — with a February breach exposing the Social Security numbers of at least 464,000 taxpayers. Further, Yahoo revealed that a 2013 security breach exposed information on all of its 3 billion user accounts.

This means that some combination of the names, addresses, passwords, Social Security numbers, birth dates and even driver's licenses and telephone numbers of probably all adult Americans is available for purchase somewhere on the dark web. That in turn means every client of every financial adviser likely is vulnerable to having their assets stolen.

Millions of gateways

It also means hackers have millions of potential gateways through which to access the computer systems of financial firms. Those firms, large and small, will have to continuously step up their cybersecurity efforts, and that will take time and money as the pace and sophistication of cyberattacks are increasing.

Breaches that expose clients' private information, such as was stolen from Equifax, make clients vulnerable to phishing campaigns by hackers. According to the Identity Thrift Resource Center (ITRC) almost half of 2017 hacking attacks involved phishing. Clients might be able to reduce the threat by changing email addresses and passwords, but driver's licenses and especially Social Security numbers remain valid long after a breach.

(More: 7 ways for advisers to help shield clients from Equifax data hack)

Registered investment advisers and brokerages must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in the glare of a cyberbreach spotlight. In particular, they must strengthen their client identification protocols before any transaction is carried out or information given out.

Each company can enhance its value to clients by reaching out to them, explaining how the company is enhancing its cyberdefenses and suggesting steps clients should take to protect themselves.

Through June 30, there were 791 cybersecurity breaches in 2017 that exposed more than 12,389,462 records, before the revelation of the Equifax breach, according to the ITRC and CyberScout, which track such attacks. The number of breaches was up 29% over the same period in 2016. During all of 2016, the number of breaches increased 40% over 2015.

The Equifax breach, because it exposed Social Security numbers and driver's license numbers, along with other personal data of 145 million consumers, was likely the most damaging, as it provided hackers with potential tools with which to access those victims' financial accounts.

The effects of this breach will likely be felt for many years as hackers slowly make use of the information gleaned from the Equifax files. For that reason, financial institutions will have to step up their client verification practices so they do not inadvertently hand client assets over to scammers.

New threats are constantly emerging. What was a solid defense last year might well be a porous one this year. Companies will have to constantly upgrade the defenses of their computers and constantly retrain their staffs on cybersafety practices. According to ITRC, employee error or negligence, or improper disposal of files, was responsible for 9% of data exposure in the first half of 2017. The good news is that figure was down from the same period in 2016.

No company wants to suffer a breach exposing client information, or a loss of client assets. Customers stop doing business with a breached company. According to the Ponemon Institute, a cybersecurity research organization, companies suffer a 7% loss of customers after a breach is reported. For public companies, the stock price drops 5% the day the breach is reported.

This will be an ongoing battle. It will not be "one and done."


What do you think?

View comments

Recommended for you

Upcoming Event

May 30


Adviser Compensation & Staffing Workshop

The InvestmentNews Research team will present exclusive data and highlights from its bellwether benchmarking study that will identify best practices for setting and structuring compensation and benefits packages throughout your... Learn more

Featured video


How are financial services reacting to 'Times Up?'

There is much left to be done to reach full equality, say Estee Jimerson of Envestnt, but things are improving.

Latest news & opinion

Morningstar evolving well beyond its origins analyzing mutual funds

Led by CEO Kunal Kapoor, firm is moving way past ratings — and financial advisers are paying close attention.

Focus Financial IPO could be a sell signal for RIAs

The $100 million stock offering will fine-tune RIA valuations.

Ex-Edward Jones broker sues former firm, alleging racial bias

Complaint alleges the firm's policies limit African-Americans' 'income and advancement opportunities'

Piwowar defends SEC's best-interest rule

SEC commissioner says the Department of Labor rule set up an 'unworkable, impossible set of standards for people to comply with.'

RIA in a Box acquired by private equity firm Aquiline Capital

New owners plan more growth for the software service provider.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print