Data rich IFAs and Wealth Managers have become a target for cyber criminals.
Five contributors to cyber fraud fears
In the ever-evolving cyber landscape, a few ingredients make for a ripe opportunity for the cyber underworld. They include, but of course are not limited to:
- A business economic crisis
- A cost-of-living crisis
- Geopolitical uncertainty
- War and conflict
- A rise in agile working (increasing use of cloud and personal devices)
These ingredients have come together to create the perfect conditions for fraudulent activity and cyber-crime. Businesses are now having to ask themselves the question of ‘when’ they are targeted, no longer ‘if’ they will be.
Organisations are now focusing on protecting their data and, in the event of a compromise, having the right response plan in place to deal with the fall out. Given the intricate web of data held by independent financial advisors (IFAs) and wealth managers, they are a hot target for criminals seeking to exploit weaknesses. It is not just the customer and advisor relationship that criminals are seeking to exploit, but also the other accounts that are interconnected. Many of these firms do not have dedicated teams to protect their information, presenting a potential weakness along any protective cyber chain.
The risk of a cyber-attack is ever present and dynamic in nature as hackers discover new ways of penetrating defences. The extent to which a firm protects its IT infrastructure, systems and data from cyber-attacks through investment in tools, technology and resources is very much dependent on the firm’s risk profile and risk appetite.
Paul O’Leary, Financial Services Technology and Cyber Risk Assurance Partner comments, “cyber criminals prey on IFAs and wealth managers as they know that data governance practices are typically weak, and many are undergoing significant change and transformation. This provides a potent cocktail of opportunity for an attacker.”
How attacks could occur
Many IFAs and wealth managers are on an exciting journey to transform their services and market proposition, including phone and table-based apps allowing quicker onboarding, easier money inflows, access to total wealth statements and wallets, as well as approvals and signatures of key documents. As they grow and evolve – the processes, practices and ways of working need to consider cyber resilience. Cyber incident response exercises allow leadership to know how well prepared an organisation is, as well as how to respond and recover – and sometimes this can be uncomfortable to hear.