ESTATE PLANNING | INSURANCE | INVESTING | PORTFOLIO SPOTLIGHT | TECHNOLOGY & OPERATIONS | YOUR PRACTICE
Like Podiatrists Performing Eye Surgery
Advisory firms relying on local IT companies should turn instead to cybersecurity specialists. By Mark Hurley and Steven Ryder
EVERY YEAR, A SUPERB, WIDE-RANGING SURVEY emerges at the annual Technology Tools for Today conference( or“ T3,”) which was this year held in Dallas. The survey, which polls wealth managers about the ways they use technology, got responses from about 2,100 firms of all sizes this time around. And as usual, the findings demonstrate that only a small fraction of the industry has done anything about its cybersecurity. As a matter of fact, 79 % of the participants admitted they don’ t use any cyber-related technology.
That said, the survey’ s architect— Joel Bruckenstein— insisted that these low numbers are not entirely accurate. He believes most firms instead rely on their local IT providers for their cybersecurity. If he is right, then a large part of the industry is doing something analogous to using your podiatrist to perform your eye surgery.
Certainly, these types of companies know a great deal about technology. But just as podiatrists are doctors unqualified to cut on your eyes, local IT providers are no more qualified to oversee any wealth manager’ s cybersecurity.
Why? Cybersecurity is a fast-evolving and extremely complicated field. Cybercriminals are the earliest adopters of artificial intelligence and constantly innovate new tactics— such as deepfakes and“ vishing” attacks( the use of phone calls to get information)— to breach systems and trick industry participants.
Indeed, many local IT companies are incapable of securing their own technology stacks, not to mention those of their clients. And given that they have access to your network infrastructure, if they are breached, it’ s almost certain you’ ll be next.
Of course, some local vendors claim to be cybersecurity experts because they have put software on their platforms( such as endpoint detection) that’ s designed to help them with these risks. However, this kind of application is only a tiny portion of what wealth managers need to protect themselves.
It’ s also hard to overstate how incapable these providers are in the event your firm is breached, especially after regulators and trial lawyers suddenly show up on your doorstep. We have encountered people at many such companies who had no idea what to do when a security incident occurs. Some had never heard of the Securities and Exchange Commission or the Financial Industry Regulatory Authority( Finra), and, needless to say, had not participated in a regulatory audit. Others were incapable of determining the source of a breach, much less how to manage any resulting damage.
But this is understandable. Their job is to provide a lowcost, easily accessible IT solution to companies of all types, and much of their services are irrelevant to what most wealth managers need. To them, a financial advisory firm is just another small business customer, and cybersecurity is an afterthought.
28 | FINANCIAL ADVISOR MAGAZINE | MAY 2025 WWW. FA-MAG. COM