How advice firms can mitigate a major point of cyber ‘vulnerability’

Financial advisers are used to taking care of their clients’ money and ensuring they are protected from market fluctuations, but cyber security is still an area that requires work, with HUB24 senior business strategy manager Greg Hansen telling ifa that for too many, their first reaction is, “It won’t happen to me, I’m too regional or too niche.”

However, when their business is hit by a cyber incident, the stress it causes is not limited to the financial impact.

“What was most interesting about those conversations [with advisers] is the impact that it has on the business and everything else. Because the first thing I think about is the financial impact – how much money they’re going to lose as a practice and that sort of stuff. It’s almost immaterial,” Hansen said.

“When you talk to the principals about the impact on them and their business, they don’t know what information’s gone. They don’t know what they’ve got, they don’t know what they’re going to do with it, they don’t know which client’s going to be affected.

“They’re worried about, ‘Is my client going to lose money? Is my business going to survive?’ The impact on their staff, the impact on them emotionally is absolutely incredible. From a planner’s perspective, you’re looking after someone’s life savings, with the potential for all that to disappear.”

All of this is before even getting to the reputational damage for an advice firm, with their position as a trusted adviser potentially impacted from a cyber incident and having to grapple with how much they need to tell clients.

“That is an incredibly stressful thing,” Hansen said.

“What we’re trying to do is make that realisation real by getting advisers to talk to other advisers about what that experience is like and demonstrate how important it is to have a strong cyber security process.”

According to Hansen, client portals are a way to drastically reduce the dangers involved in communicating with clients by eliminating a “major point of vulnerability”.

“The Australian Signals Directorate puts out a report every year. One major point of vulnerability is the same year after year after year – email,” he said.

“Advice is one of those few experiences that’s still paper and email based.

“If you’re communicating through a portal which has got face verification and the like, then you can take that away immediately.”

He added that it also makes the experience for clients better – including older clients.

“People underestimate how savvy older users are for a couple of reasons,” Hansen said.

“One, because of COVID, they got used to doing everything on mobile. And two, because if you’re dealing with ATO or MyGov or Centrelink or something like that, it’s mobile based, so they’re used to doing things like that.”