Most financial advisers aren't confident they are well-armed to fight off cyberthieves, or even prepared enough to meet the requirements of the regulators policing their efforts.
Less than a third of advisers “completely agree” that they are 100% prepared to deal with the risks associated with cybersecurity, according to a new study by the Financial Planning Association, which released the data Friday at its annual conference in Baltimore.
Only 18% of advisers said they are “very confident” they would pass a Securities and Exchange Commission examination of their policies and actions on this issue today, with most not even sure they know what those SEC inspectors want from them.
“Advisers are aware of the risk associated with cybersecurity threats, but they're not fully confident in their ability to handle the challenges presented or even on how their firms should navigate a path forward,” said Dan Skiles, president of Shareholders Service Group and an FPA board member.
Advisers say cybersecurity is a top priority for their firm, recognizing the pain it can cause clients if personal information is stolen and used to create fraudulent identities, the survey of 1,015 planners, mostly registered investment advisers, found.
The SEC issued cybersecurity guidance in April 2015 for advisers that recommends they design a strategy that helps to prevent, detect and respond to threats from hackers. It issued a reminder in its April 2016 rule proposal on business continuity plans.
Mr. Skiles suggested advisory firms need to up their cybersecurity preparation.
Two-thirds of advisers said they spent $5,000 or less in the past year — including some that spent nothing at all — developing or implementing cybersecurity policies and action plans, according to the FPA survey that was sponsored by TD Ameritrade Institutional.
“While advisers and their firms rightly see cybersecurity as a major threat to the industry, the response efforts are equivalent to a sprinter who's just popped out of the blocks,” Mr. Skiles said. “They know what the end-game is and where they're going, but they're just getting started and may encounter a number of hurdles along the way.”
Bryan Baas, TD Ameritrade Institutional's director of risk oversight and control, said advisers should be adopting industry best practices and a detailed security plan to protect clients and their firms.
“The reality is cyberfraud is pervasive and advisers cannot eliminate the threat, but they can reduce their risk,” he said.