The biggest U.S. banks and the nation's top defenders are extremely concerned about cyberterrorists' shutting down operations or stealing sensitive information. Why aren't financial advisers more concerned?
Only 30% of financial advisers said they plan to invest in cybersecurity next year, according to the
InvestmentNews Outlook 2015 survey, the results of which will be released Monday.
The topic of cybersecurity did not even make it onto the list of advisers' major concerns.
Regulatory overload actually tops the list of adviser worries. However, if anyone is listening to the Securities and Exchange Commission, state regulators and the Financial Industry Regulatory Authority Inc., all of them want financial firms to better arm themselves against cyberattacks. Even if one's broker-dealer handles overarching technology, an adviser's personal hardware (think mobile devices) must be secured, for example.
(More: "10 ways advisers can improve their cybersecurity")
Cybersecurity questions will be part of the standard conversations state securities regulators have with advisory firms they examine in 2015, according to Patricia Struck, Wisconsin securities administrator and head of the North American Securities Administrators Association's investment adviser committee.
Some people at advisory firms — namely, the compliance professionals — understand the threat.
Three-quarters of financial compliance professionals
listed cybersecurity as one of their firm's top issues in 2014, according to a survey this year by the Investment Adviser Association, ACA Compliance Group and Old Mutual Asset Management. Only 14% feared cybersecurity issues in 2013.
The Investment Adviser Association held compliance workshops this past year and asked advisory firms if their clients had been hacked.
“In some cities almost everyone raised their hands,” said Karen Barr, chief executive of the association.
Some firms have been proactive in arming themselves against cyberattacks, and, most importantly,
ensuring all staff members know the drill to avoid compromises in the practice.
Ms. Barr hopes that in 2015 the SEC will issue some comments on what regulators gleaned from the advisory firm sweeps over the past year that examined cybersecurity procedures.
That could lead to some best practices and more guidance for firms, she said.
Perhaps then more advisory firm leaders will be ready to prioritize cybersecurity when it comes to spending.
