Most advisers' cybersecurity training insufficient

Firms would be better off with shorter, more frequent sessions for employeees

Feb 7, 2017 @ 10:55 am

By Liz Skinner

Financial advisers should be spending about three times as much time training their staff each year on how to protect the firm and client data from cybersecurity dangers, experts said.

About two-thirds of financial advisers spend two hours or less annually on cybersecurity training, according to a TD Ameritrade Institutional survey of advisers taken last year. One third of advisers are spending an hour or less.

“Most firms do it only once a year and cram in an hour or two, and that's totally insufficient,” said Joel Bruckenstein, a financial industry technology consultant. “Training would be much better if it occurred more frequently for shorter periods.”

Firms generally should aim to provide about 30 minutes of training each month to everyone at the firm, going over the latest cyberscams that are going around and reminding everyone about safe online procedures and password safety, he said.

About 6% of firms spend seven hours or more on cybersecurity training, the survey found.

(More: Is cyber insurance worth the cost?)

The cybersecurity guidance issued by the Security and Exchange Commission's Office of Compliance Inspections and Examinations said employees can be a firm's first line of defense if they are properly trained to recognize suspicious activity and understanding the firm's procedures when it comes to reporting issues. Without proper training, though, employees can put a firm's data at risk, it said.

Jared Hoffman, managing director of operations for Buckingham Strategic Wealth, said his firm recognizes the importance of training and hosts several mandatory sessions for employees every year, as well as additional specialized sessions every couple of months.

“This is not a one-time thing. It's constantly evolving because there are new, big scams all the time,” he said.

Training that focuses on specific examples of, for instance, a social engineering email or a fake call from the Internal Revenue Service, are especially effective at making employees see their vulnerabilities and understanding the seriousness of the issue, he said.

(More: Watch for this new cybersecurity scam, IRS warns)

“We keep adapting the presentations to what's happening in the real world,” Mr. Hoffman said.

Careless actions of employees are responsible for about 59% of cyberattacks on businesses, according to a recent study by Kapersky Labs.

Last year Ameriprise Financial had to take action when one of its advisers was discovered to be putting client data at risk by synchronizing files from his office to his home in an unsecure way. The Minneapolis-based firm had to reach out to warn clients about the risk.

About 3% of advisers said they've had firm-level or client data compromised because of a security breach, according to preliminary data from a recent InvestmentNews adviser technology benchmarking study. About 4% of advisers were not sure if data had been compromised, the study found.

(More: What advisers can expect from an SEC exam)

The areas that SEC examiners may look at when they evaluate a firm's cybersecurity preparedness focus on how training is tailored to specific job functions and how the training encourages employees to be responsible, the OCIE guide said.

Brian Edelman, chief executive of Financial Computer Inc., said advisory firms should make sure they are following all the guidance from the SEC if they want to make it through an examination.

“This isn't something the regulators are grading, they just want to see that you're acting on this,” he said.

About half of advisory firms have documented cybersecurity training plans and procedures in place, the TD Ameritrade Institutional survey found.


What do you think?

View comments

Upcoming event

Sep 10


Denver Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Most watched


Young professionals see lots of opportunity to reinvent the advice experience

Members of the 2019 InvestmentNews class of 40 Under 40 have strategies to overcome the challenges of being young in a mature industry.


Young advisers envision a radically different business in five years

Fintech and sustainable investing are two factors being watched closely by some of the 2019 class of InvestmentNews' 40 Under 40.

Latest news & opinion

New Jersey fiduciary rule: Pressure leads to public hearing, comment deadline extension

Industry push results in chance to air grievances on July 17 and another month to present objections.

InvestmentNews' 2019 class of 40 Under 40

Our 40 Under 40 project, now in its sixth year, highlights young talent in the financial advice industry. These individuals illustrate the tremendous potential of those coming up in the profession. These stories will surprise, entertain, educate and inspire.

Galvin to propose fiduciary rule for Massachusetts brokers

The secretary of the commonwealth is proposing a fiduciary standard in response to an SEC investment-advice rule he views as too weak.

Summer reading recommendations from financial advisers

Here are some books that will keep you informed and entertained during summer's downtime

4 strategies for Roth conversions

There's never been a better time to do a Roth conversion, and here are several ways to go about it.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print