turn on the privacy and security settings of their devices, search engines and apps, allowing their credentials on every online account to be exposed, which makes it easier for criminals to access their devices.
That’ s happening at the same time malware has advanced and cybercriminals have refined their tactics, leaning to circumvent many of the protections used by wealth managers to safeguard client assets. One of their common attacks involves hacking into a victim’ s telecom account to divert where cell signals are sent, which allows the criminal to intercept multi-factor codes and confirmatory calls from wealth managers. More recently we have helped dozens of families with devices that were infected by remote-access-technology malware, computer viruses that export realtime information to criminals and even enable them to remotely control devices.
The third step for advisors is to fix the breach. That means scanning for and removing malware; resetting dozens of passwords; engaging hundreds of settings; and even changing bank, custodial and telecom accounts. If members of your firm’ s tech staff have breach remediation experience, this should typically take them between 15 and 20 hours of work.
However, the most challenging part is yet to come: when the advisor must explain to the client that it’ s very unlikely they will get money back after a theft. Why? Because it’ s usually left to the discretion of the banks and custodians in the account agreements whether to reimburse clients in situations where the clients might be at fault for the breach, even indirectly.
Financial advisors are at risk, too, since they often referred clients to these custodians. With every such recommendation comes an obligation to disclose and explain the risks involved. So unless the advisor has previously warned clients that they might not get their money back in
such situations, the clients may try and instead recover money from the advisory itself. That exposes it to potential litigation and brand risk.
Obviously, it makes more sense for you to help clients prevent breaches in the first place. Many leading wealth managers( and several of the largest aggregators) regularly conduct classes for their clients on cyber risks and the steps they need to take to protect themselves, as well as provide access to services for those clients who need help.
If you are a wealth manager, it is just a matter of mathematics. At some point in the not-too-distant future, one or more of your clients are going to be breached and lose substantial assets. The only question is what will you do then?
MARK P. HURLEY is the CEO of Digital Privacy & Protection. MARCUS ANDERSON-VALENCIA is the partner-in-charge of breach remediation at Digital Privacy & Protection.
Bookstore
fa-mag. com / bookstore
JANUARY / FEBRUARY 2026 | FINANCIAL ADVISOR MAGAZINE | 25