ESTATE PLANNING | INSURANCE | INVESTING | PORTFOLIO SPOTLIGHT | TECHNOLOGY & OPERATIONS | YOUR PRACTICE

You have to take several immediate and thoughtful actions after a cyberattack .

By Mark Hurley and Steven Ryder

Wealth management businesses are built entirely on clients ’ trust — trust that their advisors will safeguard their assets and their families . But when their money and personal information is lost to cybercriminals , it undermines their firm ’ s credibility with every client , not just those immediately impacted .

And clients aren ’ t the only ones who might suddenly reconsider their relationship with a wealth manager whose data has been compromised . The firm ’ s custodians and regulators are also going to be rethinking . The former must evaluate whether it is worth the risk to continue to custody a firm ’ s client assets . Regulators must decide whether a firm ’ s management has met its obligations to have adequate cybersecurity policies and procedures . They ’ re likely to consider a potential enforcement action against the firm and some of its employees .

Surviving such a crisis requires several immediate and thoughtful actions by management . However , the success of whatever the firm ’ s managers do depends on their first quickly determining what happened and expeditiously taking preventative measures — otherwise , such crises are likely to happen again .

Why ? Because cybercriminals are like sharks . Just as sea predators regularly go back to those areas of the ocean where they have found the most food , these kinds of criminals return to where they have had success . They will repeatedly attack the same orga- nizations using the same tactics until they no longer work .

Unfortunately , figuring out precisely how a company was breached can be very challenging . Indeed , a recent study by cybersecurity firm Mandiant found that it takes 10 days , on average , after a cybercriminal has penetrated a company system before they are detected . Hence , it ’ s imperative that company systems be designed to immediately detect compromises and provide owners with an opportunity to contain any potential damage .

This is particularly difficult in wealth management , where cybercriminals rarely directly attack a company ’ s systems . Nearly every breach we have encountered in this industry was initiated through indirect attacks that targeted points at which employees and clients interface with technology .

Cybercriminals do this in many ways . For example , they will often breach client and employee personal email accounts , use computers and AI software to quickly read them , and then generate emails to employee work accounts that include attachments infected with computer viruses . Should the target open the attachment , company systems are compromised , giving criminals access to them and enabling the attackers to initiate or alter transactions . Indeed , cybercriminals have even been able

JANUARY / FEBRUARY 2025 | FINANCIAL ADVISOR MAGAZINE | 29