There are two main forces changing the way registered investment advisers think about cybersecurity and operating a firm — regulators and remote work.
As the industry waits for the Securities and Exchange Commission’s final rules on cybersecurity, RIAs can take steps now to better safeguard themselves and their clients. In addition, advisers and staff need to be able to switch between applications securely, regardless of whether they are working in the office or elsewhere.
Remote work shines a spotlight on the issue of controlling access to data and applications. Although the in-office environment affords RIAs the most control over technology and systems, the majority of us are not going back to the office 100% of the time.
Protecting access to the firm’s technology, core business applications and systems goes beyond antivirus software and policies. It means multifactor authentication and encrypted passwords so that login credentials cannot be easily compromised. It also includes artificial intelligence-enabled data protection technology that actively studies user behavior to establish patterns and flag aberrations or disruptions as potential cyber-events so they can be immediately stopped and contained before cyberthief has successfully hacked into an entire system.
It takes time and resources to protect a firm from breaches and comply with SEC rules. The increase in number and severity of cybersecurity attacks, coupled with a rise in enforcement, can only mean that RIAs will need to increase their IT budgets.
Outside of the costs of having the right technology and support in place, there are costs associated with cybersecurity assessments, which are based on audits of the firm’s actual security policies. There are also premiums for cybersecurity insurance to consider.
RIAs may also need to account for a loss in overall productivity from advisers and staff as a by-product of having to complete cybersecurity assessments and related regulatory requirements.
The SEC’s longstanding recommendation to document cybersecurity policies and procedures may finally become a rule. Firms will need to write down how they address cybersecurity risks specific to their clients and operations.
Firms must also be able to show how policies are being implemented and demonstrate that they are protecting clients’ interests. This includes minimizing risks that can lead to operational disruptions or lost or theft of client information.
RIAs should already be documenting their cybersecurity policies and tracking incidents as part of business continuity planning and for insurance purposes. In the event of a data breach or cybersecurity attack, insurance companies want firms to provide a written record of their actions, policies and protocols.
A remote or virtual work environment means change for RIAs that were configured to have everyone in the office. Different technology is needed to secure a remote workforce, which has unique cybersecurity challenges. Remote work mandates that certain levels of security are in place to protect the firm.
Simply picking a product off the shelf without careful thought or change management will lead to frustration. The technology decision will influence how the firm works, shaping everything from workflows to security policy and operational protocols. Thoughtful, strategic implementation and management is critical.
Wes Stillman is founder and chief technology officer of RightSize Solutions, which provides IT and cybersecurity management solutions to RIAs and other wealth management firms.
From outstanding individuals to innovative organizations, find out who made the final shortlist for top honors at the IN awards, now in its second year.
Cresset's Susie Cranston is expecting an economic recession, but says her $65 billion RIA sees "great opportunity" to keep investing in a down market.
“There’s a big pull to alternative investments right now because of volatility of the stock market,” Kevin Gannon, CEO of Robert A. Stanger & Co., said.
Sellers shift focus: It's not about succession anymore.
Platform being adopted by independent-minded advisors who see insurance as a core pillar of their business.
RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.
As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.
