CompaniesApr 19 2017

Cyber criminals shift their focus to financial advisers

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Cyber criminals shift their focus to financial advisers

Digital experts have warned that hackers could increasingly target financial advice firms now retail banks are splurging on cyber security to protect customers’ cash.

Cyber security has become a hot topic in recent months, with the government launching the National Cyber Security Centre to address weaknesses in the IT systems of financial firms, particularly big players such as banks. 

In February, Lloyds joined forces with the likes of Barclays and Santander to share information about cyber threats, just weeks before the banking giant became a victim of an attack which caused a temporary collapse of its digital services.

Edward Parsons, head of cyber defence at digital security firm MWR InfoSecurity, said retail banks have traditionally been the main target for hackers.

However, he said there is a possibility that improvements made to the digital security of retail banks could displace a lot of crime activity and push it into other financial services sectors, such as financial advice and wealth management.

“The major risk from a financial adviser point of view is you are trusted with customer data that includes personal financial information, which is central to your business.

“An attacker might steal that information and either directly monetise it by selling it to a disreputable broker, or monetise it themselves by targeting clients.”

Even when you look past the banks, financial advisers and wealth managers have rich sources of data.Matthew Webb

Last month, the head of adviser support service Panacea revealed he had been the victim of a cyber attack and warned that the hacker was trying to get hold of contact lists. 

Earlier this year, discretionary fund manager Hawksmoor was affected by a phishing scam, but said it was taking “immediate steps” to prevent the issue from happening again.

Mr Parsons said on face value it would make sense for hackers to go after the small firms which might not have robust cyber security systems in place.

However, he said there was something called “security by obscurity”, meaning companies with a relatively low profile are less likely to be targeted when compared to larger players such as high street banks.

The cyber boss also suggested some financial services organisations might be too complex for outsiders to be able to understand, or some might hold information which is not directly monetisable.

“If they can hijack someone’s bank account then they can make payments on their behalf and immediately get money out. But if an organisation does not have that kind of functionality, then attackers are less likely to target them.”

Matthew Webb, head of cyber at insurance group Hiscox, said: “Even when you look past the banks, financial advisers and wealth managers are rich sources of data.”

He described this data as a “treasure trove” for the hacker, and therefore said it was no surprise that these companies are seen as a lucrative target.

“We do see a shift towards hackers building a database of information on an individual, which then allows criminals to steal their identity and set up alternative lines of credit.”

Mr Webb said hackers are more likely to go for the instant bank account option as the first port of call, but said attackers are now moving on to plan B now there are better practices in place for those primary targets.

Stuart Anderson, head of communications at Clarion Wealth Planning, said: “I can see cyber security being a real problem for transactional firms with thousands of clients where the relationship is more hands-off.”

He also said those firms which provide transactional robo-advice will need to make sure their security systems and protocols are “top notch”. 

“I’m no expert, but I wonder whether an IFA firm that has a fee income in the low millions of pounds can really afford the same level of security as a multi-billion pound bank?”

However, Mr Anderson said smaller businesses might not be as vulnerable because they are close to their clients and would know if any activity is outside the scope of a customer’s financial plan.

“We don’t have a big client-adviser ratio and, while we can’t ever be complacent, we are possibly in a better position than some of our competitors to see whether any requested transactions appear to be out of the ordinary.”

katherine.denham@ft.com