ESTATE PLANNING | INSURANCE | INVESTING | PORTFOLIO SPOTLIGHT | REAL ESTATE | RETIREMENT | TECHNOLOGY | YOUR PRACTICE

Advisors are discovering that client breaches quickly become their problem. By Mark Hurley and Marcus Anderson-Valencia

We see this almost daily, because someone shows up on our doorstep looking for help. Although our business is preventive, our culture is about protecting families from online thugs, so we offer pro bono help to people, too, regardless of whether they are one of our clients. Among the people in their 60s or 70s we usually see, the damage from a breach varies but can often be in the $ 500,000 area. Clients who have been attacked are typically distraught, partly because they have no assurance that the bad ac- tors have been stopped.

We’ re also often struck by how few wealth managers have a clue about what to do when one of their clients is attacked. Many industry participants have seemingly assumed that client cybersecurity is not their problem. They view their job as managing wealth and when it comes to cybersecurity would prefer not to get involved.

But good luck trying to tell someone whom you have advised for years— and who has lost a material amount of their net worth— that a loss they’ ve suffered isn’ t your problem. In those cases, what should you do? The most important first step is to contain the damage, and time is critical, which means you should immediately freeze their bank and custodial accounts.

Though a cyberattack is upsetting when it’ s discovered, it’ s likely that the actual breach itself happened earlier than that. We have found cyber intrusions typically occur at least weeks or even months before the victim notices anything, which means the thieves have already had time to get started. In the time that’ s elapsed, the criminals have likely been methodical, patiently gathering passwords and taking other steps so they can steal large amounts of money. That’ s how they attack corporations. For example, a recent study found companies are typically breached on average about six months before the activity is detected.

The second step is to determine how the client was compromised. Unfortunately, this can be complicated: While most company systems have software that can help them do a forensic analysis of breaches, private families typically don’ t. That means they must perform a diagnosis by exclusion— first determining what the breach isn’ t and then taking steps to address anything else that might have led to the intrusion.

This imperfect process is much more art than science given that clients are breached in a variety of ways. It may be that they used passwords that were too simple, something an outside computer can correctly guess in seconds. They also may have unknowingly infected their device by clicking on a link in an email or text message from a friend or family member. Others might have failed to

24 | FINANCIAL ADVISOR MAGAZINE | JANUARY / FEBRUARY 2026 WWW. FA-MAG. COM