ESTATE PLANNING | INSURANCE | INVESTING | PORTFOLIO SPOTLIGHT | REAL ESTATE | RETIREMENT | TECHNOLOGY | YOUR PRACTICE
Cybersecurity Is Much Bigger Than An IT Problem
It’ s also part of the client experience— and a new standard of trust in wealth management. By Scott Winters
IF ANYONE IN WEALTH MANAGEMENT STILL THINKS CYbersecurity is a back-office topic best left to the person who also resets the conference-room Wi-Fi, March has been unhelpfully educational. On Friday, March 27, Reuters reported that Lloyds Banking Group exposed the personal data of up to 447,936 customers after a software defect let users see other people’ s transactions and account details. Earlier in March, Britain’ s financial regulator tightened cyber incident and third-party reporting rules after saying more than 40 % of incidents reported in 2025 involved a third party. Apparently,“ someone else handles that” is no longer a strategy.
That matters because trust in advisory relationships is no longer defined solely by advice, performance or responsiveness. It is also defined by protection. RIAs sit on a remarkably concentrated layer of client vulnerability: financial accounts, tax records, estate documents, identity data and a disturbingly complete map of how a family actually lives. Cybercrime was estimated to cost the world $ 10.5 trillion in 2025. At that size, it is less a nuisance and more a shadow economy with excellent growth prospects.
The uncomfortable part is that advisory firms are structured in exactly the way modern attackers prefer. The typical RIA runs on custodians, cloud tools, email chains, e-signature platforms, outside professionals and distributed access across staff and partners. In Verizon’ s“ 2025 Data Breach Investigations Report,” third-party involvement in breaches doubled to 30 %. Credential abuse accounted for 22 % of leading initial attack vectors, and ransomware appeared in 44 % of breaches. In other words, the modern advisory tech stack, while it might be efficient for users, looks like a buffet to cyberattackers.
Financial firms are not being singled out by accident. The Office of the Comptroller of the Currency( OCC) warned in its“ 2025 Cybersecurity and Financial System Resilience Report” that banks and financial service providers continue to face attacks exploiting publicly known vulnerabilities— weak authentication, phishing, compromised credentials, denial-of-service attacks and third-party exposure. And the risk is not theoretical for advisors.
Financial Advisor recently reported a breach disclosure at Edelman Financial Engines and described extortion threats involving Mercer Advisors and Beacon Pointe. These firms are hardly alone. This is no longer a future problem discussed on conference panels between sessions about growth and gratitude. It is a present-tense operating condition.
The bigger mistake is treating cybersecurity as either a compliance box or a technical specialty. It is both of those things, but it is also a
28 | FINANCIAL ADVISOR MAGAZINE | MAY / JUNE 2026 WWW. FA-MAG. COM