A cyber attack's impact on a firm, be that a small IFA or a FTSE 100 asset manager, "is the same at all levels" leading to a damage of reputation which can create a loss of clients.
Chief operating officer at adviser platform Multrees, Glenn Murphy, told FTAdviser that while national IFAs with more media exposure and reputational risk to guard against tend to be more prone to cyber attacks, smaller IFAs can feel it just as hard when they are targeted by hackers.
“For established larger IFAs and firms, the risks increase as there will be more relationships, such as multiple clients, partners or vendors and third parties,” Murphy explained.
“While it may give some comfort to the director of a small advisory company that they are less at risk of a cyber attack than a FTSE 100 giant, the impact they must avoid is the same at all levels: loss of reputation equals loss of clients.
“Every IFA especially knows that equipping themselves to tackle cybersecurity is equipping themselves to ensure their reputation continues to remain untarnished.”
Smaller IFAs have fallen victim to cyber attacks over the past year.
In March, Leeds-based IFA The Private Office experienced an email hack just 24 hours before the City watchdog told firms to prioritise cyber resilience.
It saw an “illegitimate” email sent from the address of one of the firm’s chartered financial planners telling recipients to click on a document link regarding an ‘agreement’ with the firm.
That month, the Financial Conduct Authority sent financial firms to guidance laid out by the National Cyber Security Centre, designed to help them increase their cyber security vigilance in response to Russia’s invasion of Ukraine.
“The best guidance is to encourage firms to make sure their processes and technologies are up to date and aligned to the latest expectations,” said Murphy, citing checks on the latest versions of software, regularly verifying who has access to systems, updating defences such as anti-virus software or firewalls, and ensuring backup regimes are in place.
“With so many companies using third party IT and outsourced providers, it is also incumbent on the company to have good vendor management controls in place and to undertake due diligence periodically,” he explained.
Risk of alienating clients
For advisers, the most common form of phishing is where someone poses as a legitimate organisation and sends a fake message by email, telephone or text in an attempt to persuade individuals to give sensitive data such as identification details, passwords or banking details.
That’s according to a Fidelity International report into cyber security and advice firms last year.
It found that just 7 per cent of financial advice firms were planning to hire an IT professional in the next year.
“Cyber security is a huge challenge for all businesses,” said NextWealth managing director, Heather Hopkins.