InvestmentNews Editorials

Data breaches ratchet up risks for financial advisory firms

Registered investment advisers and broker-dealers must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in hot water with investors and regulators.

Oct 7, 2017 @ 6:00 am

Financial advisoryfirms of all kinds have received fair warning that they must strengthen their data security and client identity protocols.

The warning came in the form of the revelation of the huge Equifax cybersecurity breach, the Securities and Exchange Commission breach of 2016, and acknowledgement that the Internal Revenue Service was hacked twice this year — with a February breach exposing the Social Security numbers of at least 464,000 taxpayers. Further, Yahoo revealed that a 2013 security breach exposed information on all of its 3 billion user accounts.

This means that some combination of the names, addresses, passwords, Social Security numbers, birth dates and even driver's licenses and telephone numbers of probably all adult Americans is available for purchase somewhere on the dark web. That in turn means every client of every financial adviser likely is vulnerable to having their assets stolen.

Millions of gateways

It also means hackers have millions of potential gateways through which to access the computer systems of financial firms. Those firms, large and small, will have to continuously step up their cybersecurity efforts, and that will take time and money as the pace and sophistication of cyberattacks are increasing.

Breaches that expose clients' private information, such as was stolen from Equifax, make clients vulnerable to phishing campaigns by hackers. According to the Identity Thrift Resource Center (ITRC) almost half of 2017 hacking attacks involved phishing. Clients might be able to reduce the threat by changing email addresses and passwords, but driver's licenses and especially Social Security numbers remain valid long after a breach.

(More: 7 ways for advisers to help shield clients from Equifax data hack)

Registered investment advisers and brokerages must continue to upgrade their cyberdefenses if they wish to avoid finding themselves in the glare of a cyberbreach spotlight. In particular, they must strengthen their client identification protocols before any transaction is carried out or information given out.

Each company can enhance its value to clients by reaching out to them, explaining how the company is enhancing its cyberdefenses and suggesting steps clients should take to protect themselves.

Through June 30, there were 791 cybersecurity breaches in 2017 that exposed more than 12,389,462 records, before the revelation of the Equifax breach, according to the ITRC and CyberScout, which track such attacks. The number of breaches was up 29% over the same period in 2016. During all of 2016, the number of breaches increased 40% over 2015.

The Equifax breach, because it exposed Social Security numbers and driver's license numbers, along with other personal data of 145 million consumers, was likely the most damaging, as it provided hackers with potential tools with which to access those victims' financial accounts.

The effects of this breach will likely be felt for many years as hackers slowly make use of the information gleaned from the Equifax files. For that reason, financial institutions will have to step up their client verification practices so they do not inadvertently hand client assets over to scammers.

New threats are constantly emerging. What was a solid defense last year might well be a porous one this year. Companies will have to constantly upgrade the defenses of their computers and constantly retrain their staffs on cybersafety practices. According to ITRC, employee error or negligence, or improper disposal of files, was responsible for 9% of data exposure in the first half of 2017. The good news is that figure was down from the same period in 2016.

No company wants to suffer a breach exposing client information, or a loss of client assets. Customers stop doing business with a breached company. According to the Ponemon Institute, a cybersecurity research organization, companies suffer a 7% loss of customers after a breach is reported. For public companies, the stock price drops 5% the day the breach is reported.

This will be an ongoing battle. It will not be "one and done."


What do you think?

View comments

Recommended for you

Upcoming Event

Oct 23


Women Adviser Summit - San Francisco

The InvestmentNews Women Adviser Summit, a one-day workshop now held in four cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video


How interest rates have affected different types of insurance

Social media and engagement editor Scott Kleinberg and reporter Greg Iacurci discuss a common theme in this week's popular insurance stories.

Latest news & opinion

Trump said 'you're fired' to this adviser on TV in 2005, then LPL fired him for real in 2018

Louisville adviser Mark Lamkin was terminated by LPL, in part for failing to disclose outside business activities.

What not to do when working with couples

These are moves advisers should avoid when they are working with couples as clients.

Private Ocean grows to $2.2 billion with acquisition of Mosaic Financial

Combined financial planning operation gives the firm an expanded footprint in the San Francisco area.

Joe Duran has a game plan, and anyone can play

The CEO of United Capital built a formula for holistic financial planning that any firm can tap into — for a price.

LPL video about private equity looks like a swipe at Cetera

Recruiting video warns about potential consequences for advisers when a PE firm buys a broker-dealer.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print