Risk management is a key part of many financial advisors’ value propositions. For instance, ensuring clients maintain the proper insurance coverage based on their needs is an important part of the financial planning process. At the same time, clients face another class of risks that advisors often do not consider: cyber.
In this article, guest authors Mark Hurley, Carmin Cicalese, Bryce Washum, and Douglas Garbutt discuss how financial advisory clients face a range of cyber risks, including cybertheft (i.e., stealing a client’s financial assets that are accessible online), identity theft (i.e., using a client’s personal information for financial gain or other purposes), reputational risk (i.e., the release of potentially embarrassing personal information), and physical danger (e.g., when tagged online pictures can be used to identify an individual’s location). Notably, taking steps to protect from these threats not only benefits the client, but can also benefit the advisor as well. Equally important, it is relatively easy and inexpensive to do so. Moreover, given the closeness of advisor-client relationships and the financial implications of many cyber threats, clients often look to their advisors to help them recover from a cyberattack (whether or not the advisor is prepared!); therefore, advisors who help their clients take preventive steps can save both the clients and the advisors themselves significant amounts of time and cost.
While advisory clients are potentially exposed to a variety of cyberthreats, operating online with basic cyber hygiene can reduce and manage them by making the client a more hardened – and therefore, a less attractive – target and preparing them to identify breaches, enabling them to quickly respond and mitigate the damage. Basic cyber hygiene comprises 2 general categories – creating a layered digital security structure (e.g., a combination of technology and series of steps) and overseeing risk management on an ongoing basis (e.g., monitoring the dark web and corporate data breaches, reviewing credit reports annually, and regularly updating protection).
Given the higher financial stakes of cyberthreats, many family offices and advisors working with UHNW clients already offer these and other cybersecurity services to their clients. But when taking into account the ubiquity of cyberthreats and the recognition by clients of potential cyber risks, offering these services to advisory clients further down the wealth spectrum can be an important value-add for advisors to implement. Of course, advisors themselves do not have to be experts in cybersecurity or in implementing a cyber-hygiene program; instead, many advisors will likely choose to work with outside vendors that provide cybersecurity services commensurate with their clients’ needs.
Ultimately, the key point is that even though cyberthreats are more prevalent than ever, cyber-risk management for clients still remains off the radar screens of many financial advisory firms. Which means that many firms have growing opportunities to provide services to their clients that can protect their assets and personal information and, at the same time, potentially improve client growth and retention in the process!