Cybersecurity articles are notoriously unpopular with financial advisers compared with other industry news, unless it's something drastic like Voya's recent slip-up exposing advisers' Social Security numbers on its website.
When it comes to financial technology, advisers are more likely to peruse something like T3's 2019 Software Survey than they are to learn about how cybersecurity best practices can save them from costly damages tied to data breaches.
I don't think this is about boredom. Based on conversations with advisers and wealth management executives, I've come up with five reasons why you are not reading this cybersecurity article. Those reasons might surprise you, and spark positive action.
1. You trust yourself, your third-party vendors and in-house staff to be careful. Chances are you have discussed cybersecurity threats and written cybersecurity policies adhering to Securities and Exchange Commission or Financial Industry Regulatory Authority Inc. regulations. But without learning about real safeguards — like comprehensive automated tracking, logging and remediation technology — all you have is hope.
2. You have not suffered a data breach nor been fined over one. Why spend time and money on something that has not been a problem? That's like saying because you've never been fined by the IRS, you refuse to learn about tax obligations or because you've never suffered a major illness, you refuse to learn how to stay healthy. Learning how to prevent problems is more effective than learning how to fix problems.
3. You suffered a data breach despite taking precautions. Advisers who have been there may feel that cybersecurity does not work since data breaches are inevitable. But some breaches are much worse than others, and the worst ones are often preventable. And there is a difference between suffering one minor breach and several major breaches. It's always better to discover how to minimize threats.
4. You have errors and omissions or liability insurance. Advisers who can recoup the cost of data breaches that occur due to mistakes or malfeasance have good reason to rest easier than advisers who lack insurance. However, insurance cannot restore reputational damage stemming from a breach that influences clients, prospects and talented staff to look elsewhere. Plus, unless your policy is designed specifically for cybersecurity, you likely are not as well-covered as you think.
5. You are ignoring the issue. We all know advisers who simply do not want to think about cybersecurity. Maybe they do not consider themselves to be tech-savvy, they find the subject frightening or they hope to exit the business before they suffer a data breach. If you fall into one of these camps, you are wishing the problem away, advice you would never give a client. Instead, you would tell them to prepare for the challenge.
Learning how to protect your business requires you to explore new fields, including those that lie outside your comfort zone. Data breaches have become so common that financial advisers cannot afford to remain uninformed about them. When it comes to cybersecurity, the best place to start is by reading the news.
Sid Yenamandra is the co-founder and CEO of Entreda, which provides comprehensive cybersecurity solutions for independent retail financial advice firms and their advisers.