Insurance not the cybersecurity answer

Advisers should be taking steps to prevent cybersecurity losses with tools like password protection programs, not by seeking insurance, data security experts said.
Insurance is good to have, but it can give advisers a false sense of protection, Brian Edelman, chief executive of Financial Computer Services, said at the TD Ameritrade Institutional adviser conference in San Diego Thursday.
“At the end of the day, an insurance policy is to cover you financially, not against things like reputational risk,” he said.
Mr. Edelman and others on a cybersecurity panel said one of the most important things advisers need to do is educate employees and clients about proper procedures for communicating and transacting online.
It can even become an “opportunity,” he said, mentioning one adviser who recognizes the challenge of cybersecurity and is hosting a seminar for clients on the topic.
Federal regulators and others at the top levels of national security and governmentare stressing the importance of cybersecurity protection measures by all businesses.
Earlier in the day, former secretary of defense Leon Panetta told about 3,000 attendees at the conference that cybersecurity could be the biggest threat of the 21st century.
OTHER STEPS
Other steps advisers should take include creating detailed cybersecurity compliance procedures and naming a high-level person at the firm as an information security officer. Advisers also should implement a range of technology tools aimed at preventing and identifying online breaches, experts said.
Bryan Baas, director of TD Ameritrade Institutional, said being cognizant of common cybersecurity ploys can help advisers defend against them, too.
Most fraudsters who hack client emails will contact advisers with an excuse for why they call the adviser and request the funds, Mr. Baas said.
Also, advisers also should never use a phone number provided in an email to confirm a trade request nor should they rely on caller ID to confirm a client’s identity because technology can fool those systems, he said.
“At the end of the day, this is not going to be solved by firewalls or encryption, it’s going to be solved by your awareness and policies,” Mr. Baas said.
(More: 10 ways advisers can improve their cybersecurity)
For advisers who are seeking cybersecurity insurance, they should discuss multiple scenarios with companies that offer these policies to make sure it’s a comprehensive plan that would cover their losses under every conceivable situation, according to Mr. Baas.
“The devil is in the details,” he said. “Don’t assume that it will cover you.”