Financial advisers don't want to talk about cybersecurity.
You can see it in the attendance numbers of cybersecurity panels at conferences (though this is improving), as well as in regulator regulators' messaging to the industry to get its act together. Legal and technology experts who work with financial advisers confirm this observation, as does internal
InvestmentNews data on which articles advisers read most (Spoiler alert: Not cybersecurity).
[More:
5 reasons you're not reading this cybersecurity article]
This isn't a criticism of the industry. After all, people don't get into financial planning and investment management to worry about things like
DDoS attacks or penetration testing or SSL encryption. And when
technology vendors and
giant financial institutions can both fall victim to a data breach, what chance do small registered independent advisers have?
This is perhaps why despite being the
top concern among RIA compliance executives for six years running, according to a survey by the Investment Adviser Association and ACA Compliance group, cybersecurity deficiencies are increasing at small firms.
But it's important to talk about and write about cybersecurity because advisers of all sizes have a target on their backs. Not only do they have access to wealthy families' assets, but also personal information that can be bought and sold on the dark web. Independent advisers can also be bait for hackers looking to catch larger fish by infiltrating a custodian or broker-dealer.
My idea is to change how we discuss cybersecurity away from a scary, complicated technology issue to a potential money-making opportunity. Instead of a threat that could destroy your business, what if cybersecurity became a service advisers provided alongside financial planning and portfolio management?
What if advisers become clients' first line of defense to keeping their financial lives safe?
[Recommended Video: Protecting against the insider cybersecurity threat]
To explain what I mean, let me first tell you a bit about my mom. She's retired now after a career working in insurance, including some of the first online insurance firms that launched during the dotcom boom.
Like most of us, she gets a daily deluge of phishing scams in her email inbox, many looking identical to official emails from real financial institutions with which she has accounts. Mom is more tech-savvy than most women her age (which I'm omitting because she's an avid
InvestmentNews reader), but even she has trouble spotting all the fakes.
Many others fall for it. There's a simple reason we all see so many phishing emails: they work.
Luckily, my mother doesn't have to worry about it. Her financial adviser, an independent broker-dealer affiliated with one of the large firms, has said that she will never get a request about one of her financial accounts unless it comes directly from him. Anything else, no matter how legit looking, is a scam.
[Recommended Video: A Bruckenstein cybersecurity update]
There are still plenty of other attack vectors mom has to worry about, but her adviser has removed a huge one from her mind, and the one with most direct access to her financial accounts. He has also helped make her feel secure that those accounts are safe from hackers, all while making her confident that his investment strategy will protect her assets through retirement.
There are other benefits for the adviser as well. Promising to monitor accounts made Mom feel comfortable providing access to held-away assets.
And what better way to demonstrate the value of account aggregation? A client not fully on-board with handing over access to all of her held-away accounts could be swayed by an adviser offering to be the go-to cybersecurity point person for those accounts.
Of course, this puts the onus on the adviser to ensure the accounts are never breached. The whole idea comes toppling down if a hacker gets control of his broker email address.
But if the industry doesn't like talking about security, let's talk about what they love: building relationships, providing value beyond commoditized investing, and, most of all, opportunities to grow their business.
This adviser effectively turned cybersecurity into one of the most valuable services he can provide. What's more "holistic" financial advice than that?