10 wealth management highlights from Arizent’s latest cybersecurity research

stock.adobe.com

Wealth management executives are reassessing cybersecurity policies and procedures as they prepare firms for the future.

Growing demand for third-party access data — from both customers and technology vendors — is increasing threat vectors, as is the growing use of mobile devices. These aren’t new trends, but the shift to remote working caused by the coronavirus pandemic has accelerated the influence of these forces. For example, fintech companies initially created to reach younger investors are now embraced by clients of all ages.

It’s more complex than ever for firms to manage and protect client data, and increased complexity has opened the door for increased crime. New research conducted by Arizent, Financial Planning’s parent company, explores the state of cybersecurity across the financial services industry and how leaders are working to protect clients while allowing their firm to innovate.

Here are 10 highlights from the research’s findings on the wealth management industry. The entire report can be found here.

Is cybersecurity having a negative impact on innovation and product development?

On average, a third of financial services organizations struggle with balancing the need for a strong cybersecurity program with innovation and product development goals. However, leaders at wealth management firms are less likely to feel this way than those at banks and insurance carriers.
Cybersecurity1.FP.RWN.022222 (2).jpeg

Is your organization taking the steps necessary to establish or maintain best-in-class cybersecurity practices?

Wealth managers feel confident about their firms’ abilities to create or maintain effective cybersecurity programs, with only 4% indicating they don’t feel confident and another 2% saying they aren’t sure. However, they are less confident than those working at banks or insurance carriers. This may be due to the size of firms surveyed. The largest firms across financial services tended to be the most confident in their cybersecurity policies, but two-thirds of wealth management firms surveyed had fewer than 100 employees, compared to just 17% of banks and 10% of insurance carriers.
Cybersecurity2.FP.RWN.022222 (3).jpeg

Has your organization suffered a data breach in the last 5 years?

Despite feeling less confident, wealth management firms report data breaches at half the rate of insurance carriers and banks. It could be that a data breach incident causes companies to review cybersecurity policies and procedures to improve their position, writes Michael Moesner, Arizent’s senior content strategist and author of the research report. Size also plays a factor, as companies with more clients, assets and employees make for more attractive targets to criminals.
Cybersecurity3.FP.RWN.02_23_22.jpeg

What factors are increasing your organization’s cybersecurity risk profile?

A confluence of factors are increasing cybersecurity risks for financial advisors, including changing client behaviors and changes in work environments driven by the pandemic. While advisors are less worried about clients allowing third-party access to data than banks and insurance carriers, wealth management is more concerned than other firms about new digital tools being used to access data.
Cybersecurity4.FP.RWN.02_23_22 (1).jpeg

Which attacks pose the greatest risk to your business?

Leaders across financial services are most concerned with the threat viruses, malware and ransomware pose over the next 12 to 24 years. Advisors are also particularly concerned with the threat of phishing schemes and an unintended data breach caused by a third party.
Cybersecurity5.FP.RWN.02_23_22.jpeg

What are your top operational concerns related to cybersecurity policies and practices?

The increasing threat landscape is driving a variety of new priorities for financial services firms. They’re working to keep up to date with the latest risks, identifying technology solutions and providing increased cybersecurity training in the firm. Those that have experienced a breach in the last five years are more likely to prioritize cybersecurity training equally with keeping up with the latest threats, indicating that monitoring the latest attacks only helps if a firm isn’t an early victim.
Cybersecurity6.FP.RWN.02_23_22.jpeg

What other cybersecurity concerns are top of mind?

Beyond operational concerns, email security tops the list of concerns for advisors. Identifying and preventing fraud, complying with data privacy requirements and securing hardware are also issues firms across financial services are dealing with. Several concerns hold at least a 25% share among respondents, demonstrating how complex the challenge is for wealth management firms.
Cybersecurity7.FP.RWN.02_23_22.jpeg

How will increased third-party access to client data impact cybersecurity infrastructure?

Enabling third-party access to data can improve a client’s overall experience but is expected to force firms to make significant changes to cybersecurity policies and procedures. Leaders of wealth management firms (and banks) anticipate a need for enhanced vetting of third parties requesting access to data. Firms are also considering changes to identity management practices and new customer validation procedures.
Cybersecurity8.FP.RWN.02_23_22 (1).jpeg

In the next year, how do you expect your organization’s cybersecurity spend to change compared to the previous 12 months?

Companies across the financial services industry are investing more in the ability to assess, address and mitigate cybersecurity risks. Three out of four advisors expect their firms’ overall spending on cybersecurity to increase year-over-year, with more than half expecting an increase of at least 10%. Fewer wealth management firms are using cybersecurity liability insurance than banks or insurance carriers, but 19% say they plan to make the investment.
Cybersecurity9.FP.RWN.02_23_22.jpeg

What steps is your organization taking to assess and address cybersecurity vulnerabilities?

Only a third of wealth management firms are periodically simulating data breaches, and just 21% are routinely attempting to hack into their own IT infrastructures to stress test defenses and identify weakness. This trails both the banking and insurance sectors.
Cybersecurity10.FP.RWN.02_23_22.jpeg
MORE FROM FINANCIAL PLANNING