Vulnerable smaller advice firms need to start considering cyber security risks

According to The Cyber Collective and VA Platinum (VAP), small advice businesses are attractive targets for cyber criminals due to the vast amounts of information they hold on clients – often more than a bank.

“Just having one client means that you have so much information on them,” Fraser Jack, founder of The Cyber Collective, told ifa.

“All of their investment information, their banking information, their tax information, their estate planning information, their beneficiaries, their company structures [are all available to cyber criminals].”

Smaller advice practices, according to Jack, are also often seen as “low-hanging fruit” for cyber criminals, with many lacking the infrastructure to effectively manage a breach.

“They wouldn’t have a team that works solely on cyber security in their business. They might be working with IT providers on an ad hoc basis and don’t necessarily have all the training in place that they probably should.”

According to VAP and The Cyber Collective, cyber crime incidents cost small businesses an average of $49,600. The damage to advice businesses can extend far beyond financial loss – potentially harming a practice’s reputation and eroding client trust.

“I think the biggest issue around that is actually the loss of trust,” Jack told ifa in July.

“Losing that trust relationship, or damaging that trust relationship, then takes a long time to try and recover or get back.”

Due to the high cost of maintaining an in-house cyber security team, many smaller advice firms looking to strengthen their protection are turning to outsourcing.

“While outsourcing has traditionally been a trend only seen in large corporations, it has become a lifeline for small to medium-sized businesses looking to improve efficiency,” said Brian Jones, CEO of VAP.

For Jack, outsourcing cyber security may be an expensive exercise for many firms, but the benefits far outweigh the costs.

“I would say that, just like estate planning, if you don’t have things in place and they go wrong, it’s going to cost you 10 to 100 times more to fix than it would to protect.”

The peace of mind that comes with strong cyber security not only benefits advisers – it also adds value to the advice process by providing clients with an extra layer of trust.

Jones added that when looking for a good outsourced cyber security service, especially ones that are overseas, practices need to implement proper checks and balances to ensure quality.

“Implementing simple protocols such as vendor risk assessments as part of the onboarding process, adding enforceable cyber security clauses to outsourcing contracts, operating a zero trust policy for external network access, and using automated third-party risk monitoring tools are some of the key strategies to minimise risk,” Jones added.