It takes an ecosystem to ward off cyberattacks and protect client information

The vigilance of the network of advisers, broker-dealers, clearing firms, product makers and others is needed to keep criminals at bay

Jun 18, 2015 @ 12:11 pm

By Dale Brown

In the technology industry, one metaphor that comes up repeatedly is the idea of the ecosystem — the notion that no technology firm or solution exists in a vacuum, but that they are all connected, benefiting from the experience, innovation and brainpower of their peers, vendors and clients, even as various parts of the system compete against each other. The ecosystem works together to address new opportunities, develop better solutions and identify new threats.

This idea is becoming more and more important in the financial services world as well.

We all have heard the news recently about major corporations and government agencies that were victimized by determined and sophisticated hackers despite impressive security measures and budgets established to deter such threats. It should be obvious by now that no single company in our industry, acting on its own, is going to be successful in warding off cyberattacks and protecting clients' sensitive information without the input and combined vigilance of the entire network of advisers, broker-dealers, clearing firms, product sponsors and others in the financial services ecosystem.

(More: Identity theft hits home)

In my InvestmentNews blog last month, I mentioned some of the activities and resources the Financial Services Institute is bringing to bear to address this serious challenge as part of our first Cybersecurity Awareness Month, which is currently underway.

The first was a comprehensive survey we conducted with Sutherland Asbill & Brennan. The survey queried several aspects of our members' cybersecurity governance, including their vendor management, technical safeguards, cyber policies and procedures.

In addition, FSI is providing access to webinars and white papers from several of our sponsors, and our Cybersecurity Task Force is working diligently with our members to understand the issues they are confronting in the data security arena and facilitate discussions on how to address them.


Many of the questions our task force and sponsors have encountered so far deal with rapidly evolving issues that no individual firm would be able to keep up with over the long term, such as:

• What threats might arise from outsourcing a particular component of a firm's back-office processing?

• What is the optimal structure for a cybersecurity insurance policy, and how will it vary from firm to firm?

• How can firms ensure that their security standards are being applied across the full range of mobile devices that may have access to their network?

• What are the current best practices for conducting due diligence on a third-party vendor's data security measures or on the cybersecurity features of a specific product?

• How can firms demonstrate that they have made a good-faith effort to protect their clients' data given the rapidly changing cybersecurity environment?

• And — maybe most importantly — where should firms be investing their data security budget right now?

Even for advisers and firms who have a solid handle on these questions, the sobering fact is that the answers could change next week.

As the cybersecurity landscape evolves, the roles of the Financial Industry Regulatory Authority Inc., the Securities and Exchange Commission and other regulators in helping to protect clients' critical personal and financial information are evolving as well.

Going forward, members of our industry will need to be aware not only of the wide range of potential threats to their networks and systems, but of changing guidelines regarding data collection, storage and retention. Standards for risk assessment, technical controls, incident response planning, vendor management and many other disciplines will continue to become more stringent and more complex.


Just as advisers tell their clients not to succumb to “analysis paralysis,” though, financial services firms cannot afford to sit on the sidelines or to wait for a hacker-proof data security solution. The more effective response — both for individual firms and their clients — is to recognize that each member of our industry is in this together.

As cybersecurity issues continue to become more complex, the best solution will be more robust and more frequent communication between advisers, firms and all the various components of our industry. Our industry's ability to respond to the challenge of data security will hinge on its success in coming together to continuously learn and identify solutions.

Yes, hackers and data thieves are evolving and becoming more aggressive all the time. By working together, however, we can ensure that the financial services ecosystem continues to grow, adapt and become stronger as well.

Dale Brown is president and chief executive of the Financial Services Institute Inc.


What do you think?

View comments

Recommended for you

Upcoming Event

Nov 13


Top Advisory Firm Summit

Formerly known as the Best Practices Workshop, this new one-day conference will also include content from the Best Places to Work event!The Top Advisory Firm Summit will provide CEOs, COOs, CTOs, CMOs, and Managing Partners from... Learn more

Featured video


Forecasting a revolution in financial planning tools

Special projects editor Liz Skinner and reporter Ryan W. Neal discuss the technology behind financial planning software and how it is helping spur change in the adviser and investor experience.

Latest news & opinion

Former adviser gave college football players money to win business later

Louis 'Marty' Blazer said he gave $10,000 to a player with hopes he could represent him when he turned pro.

Finra suspends former star LPL rep who borrowed client cash

Regulator says James E. 'Jeb' Bashaw borrowed $200,000 from a client in 2013 without telling LPL.

Higher tax bills following reform surprise clients

Lower withholding and the loss of state and local deductions throw many for loop.

Centerbridge said to be in talks to buy Advisor Group

Advisor Group's independent broker-dealer network in the U.S. has more than 7,000 advisers.

The drawback of Richard Thaler's 401(k)-Social Security idea? Social Security itself

Observers think Congress would need to address Social Security's funding levels and offer enhanced protections for the concept to work


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print