Cyber security top of mind for advisers: Report

Using the survey data from 200 Australian financial advisers, BT’s Adviser Sentiment Index 2024 found that cyber crime remains a top concern among advisers, with more than 80 per cent indicating they are worried about the potential for criminal activity.

Of those surveyed, almost a third (31 per cent) indicated that they had, at some point, been directly targeted by cyber crime.

BT’s executive manager, fraud and financial crime, Merryl Tidyman, explained that in the modern age, data and information have become extremely valuable.

“Data today is a huge financial commodity. We are seeing a huge lift in [cyber crime] like identity theft. Fraud and financial crime are not going away,” Tidyman said.

While the report indicated that advisers seem to believe that preventing cyber crime is, in part, a role of their wealth platform provider, only one in seven respondents indicated they are confident in their primary platform provider’s ability to detect and manage cyber crime, meaning that 30 per cent of advisers are unsure about their platform’s ability to protect their data.

However, Tidyman stressed the importance of all involved parties taking responsibility for preventing cyber crime occurring, particularly given the sensitive nature of the data advisers hold.

“Financial advisers are attractive targets for cyber criminals as they have all their customers’ first, middle and last names, and could be holding copies of identification which is highly problematic, which is very fruitful information for fraudsters,” she said.

“Advisers need to think about the office environment and ensure they have robust controls in place to safeguard their operations and protect their book.

“It’s crucial for advisers to stay up-to-date on their licensee compliance requirements and adhere to their platform’s user agreements, particularly those related to security.”

Tidyman explained that advisers should be taking all necessary precautions to prevent breaches from occurring.

“Don’t keep your password in plain sight on a Post-it note. Don’t share logins. Ensure support staff have their own independent logins and have been identified as per user agreements with providers,” she said.

“At least once a week, make absolutely sure that the transactions appearing in an adviser’s book are exactly what they are expecting to see. Update your systems and apps. A critical patch you are receiving could solve whatever small breach might have been found in a software.

“Go that extra mile, as painful as it is, to get into a rhythm and protect your clients. Put protocols in and stick with them. Eventually, they will become second nature.”

If an adviser or firm does suspect a breach may have occurred, Tidyman stressed that they should immediately contact their platform provider to hopefully prevent further intrusion.

Following this, she said, the adviser “should expect questions around whether they think their book is compromised, or if they are. They will be asked questions around behaviours and what they have been seeing from customers”.

“The adviser will also have to report to their licensee governance compliance person, and they must stay watchful for any other suspicious activity. They can expect their provider to contact them regularly until things settle down,” Tidyman said.

She added: “Fraud always happens. It’s about putting mitigating factors in place to lessen the impact.”