ESTATE PLANNING | INSURANCE | INVESTING | PORTFOLIO SPOTLIGHT | TECHNOLOGY & OPERATIONS | YOUR PRACTICE
Confronting The Reality Of Cyber Threats
A framework and cybersecurity protocols for wealth management firm CEOs .
By Mark Hurley , Brian Hamburger and Carmine Cicalese
WEALTH MANAGERS FACE A new reality . The costs of cybercrime will soon reach $ 10.5 trillion per year — which is larger than the sale of all illegal drugs worldwide , combined — and financial industry participants and their clients are compelling targets . Numerous firms have already been attacked and millions of dollars of client assets have been stolen .
The U . S . Securities & Exchange Commission , along with many state regulators , has made it clear it will expect industry participants to have cybersecurity protections in place . Unfortunately , most participants have up to now largely ignored cybersecurity . The good news is that an effective program for most firms is neither complicated nor expensive .
However , it is important to dispel two foolish notions prevalent in the industry . First , many people assume that cybercrime can largely be addressed by acquiring the right technology . Certainly , that ’ s a precondition . But it ’ s almost always the human part of tech defense that makes firms vulnerable , regardless of the software being used . The success of any cybersecurity program depends heavily on the behavior of individual stakeholders .
Second , many industry executives think it ’ s inappropriate for their firms to get “ involved ” in their clients ’ or employees ’ personal cybersecurity . That ’ s like a pig believing it ’ s inappropriate to get “ involved ” in a ham and egg breakfast . Cybercriminals have unfortunately stripped wealth managers of that option .
The easiest way to breach a firm ’ s defenses is through its clients and employees working away from the office . A recent study found that 82 % of all financial services company breaches were made through employees working remotely , and nearly every wealth manager has already been subjected to indirect cyberattacks involving their clients .
To create an effective cybersecurity program , you ’ ll need to understand who the bad guys are and what they are trying to steal , as well as what your regulatory obligations are as an industry participant .
Three Core Cybersecurity Concepts It ’ s also important to remember these three concepts : 1 . Everything connected to the internet will at some point be breached , regardless of what people do to stop it .
The behavior of cybercriminals is driven by a cost / benefit analysis tied to how much time and resources are required to breach a company versus the value of what can be stolen .
2 . Cybersecurity is an exercise in risk management and resource allocation .
CEOs must balance the level of cyber risk that their firm can
32 | FINANCIAL ADVISOR MAGAZINE | OCTOBER 2024 WWW . FA-MAG . COM