Licensees and advisers respond to the rise of cybercrime
With email being the most-commonly used method of adviser communication with their clients, sharing sensitive documents can come with risk of cybercrime.
As at 31 December 2024, technology research and solutions consultancy Finura Group found 69 per cent of advisers send documents such as Statements of Advice (SOAs) by email. This leaves advisers and their clients open to incidents of cybercrime, an increasingly prevalent activity where sensitive information is shared.
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is the Australian Government’s technical authority on cyber security. It notes cybercrime involves activities such as compromising emails, business
emails, and online banking fraud which currently make up the top three cybercrime types for business.
According to the ASD’s Annual Cyber Threat Report 2023-2024, Business Email Compromise (BEC) where criminals impersonate business representatives by using compromised email accounts or perhaps a domain name that looks like a real business, generated $84million in losses.
Last financial year the ACSC received more than 36,700 calls to its Hotline, an increase of 12% from the previous year, meanwhile the average cost of cybercrime for a small business increased 8% to $49,600, and for a medium business is estimated at $62,800.
The impact of cyber is likely underestimated
Given that privately owned advice licensees with 1-10 advisers account for more than 27% of licensees, these trends are likely to impact a growing number of advisers.
Additionally, the outlined impacts of cybercrime are likely to be conservative given that a business may also be liable for damages to their clients where data and/or privacy has been breached, further blowing out costs.
The Office of the Australian Information Commissioner’s recent legal action against Medibank alleged contraventions of the Privacy Act with a maximum civil penalty of up to $2,220,000 for each contravention, theoretically equating to a cost to the health insurer of $21.5 trillion.
Commenting on the current Medibank Private case where it is alleged the health insurer failed to protect the medical details of 9.7 million Australians following a Russian cybercriminal incident in 2022, Privacy Commissioner Carly Kind said: “This case should serve as a wake-up call to Australian organisations to invest in their digital defences to meet the challenges of an evolving cyber landscape.
"Organisations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe.”
Case study - Centrepoint Alliance – Transitioning to a client portal
Client portals have enabled Centrepoint Alliance’s adviser network to meet its mandated cyber standard and to facilitate client engagement and security.
“We have cyber listed as one of our major risks as a company, but in the end, a lot of cyber comes down to the human firewall,” said Tanya Seale, group executive for technology solutions at the firm.
“That’s where I think an adviser using a client portal helps clients out, because it’s a secure portal. It’s a lot less likely that something could get sent or an adviser could accidentally click a link and it also raises client’s awareness.”
To make the transition to its cyber standard, Centrepoint Alliance hosted several webinars to explain the standard and to provide advisers with some practical solutions on how they could meet the standard.
One of the requirements in the cyber standard was to eliminate the storage of sensitive information in inboxes by eliminating the emailing of sensitive data to clients. To support this, Centrepoint Alliance suggested the usage of Sharepoint, or a move to a client portal.
Seale said the no-email requirement caused the most noise across its adviser network because it changed the way they communicated with their clients.
Initially, some advisers chose to use password protected documents, but this proved cumbersome and did not solve the problem of when clients sent back documents over email that were not password protected.
Over the past year, more of Centrepoint Alliance’s advice network have begun using a client portal to communicate securely with their clients, get documents digitally signed and provide client updates.
“They see the portal representing their business and that this is how they communicate. It is a single point of contact for their clients and everything that they communicate is through the one point.”
Case study - Andrew Sherlock – Sherlock Wealth
An early adopter of a client portal, Sherlock Wealth’s owner and chief executive, Andrew Sherlock, said it’s an integral piece of technology that his business uses with many of its clients.
Sherlock Wealth uses myprosperity to collaborate and to provide its clients with a complete view of their wealth. By utilising the ‘rooms’ function, Sherlock and his advisers can share information with third party professionals, such as lawyers and accountants, as well as authorised family members.
In this way, Sherlock said the client portal is an important intergenerational wealth tool that enables the practice to deliver its clients a complete view of their wealth.
“Increasingly we are working with families with intergenerational wealth and taking a whole of wealth approach. The functionality of myprosperity makes it easier to share information across the generations and provide a whole of family wealth approach.”
When discussing intergenerational planning and succession, Sherlock said the quality and quantity of information is immense.
“We have moved away from emails and use the portal where everything is encrypted. Clients get a notification regarding something they need to action and can then do it all through the portal on their phone if they wish.”
Clients also get a full view of their net wealth position. “It's really helpful to have the full overview of a client’s situation to enable us to give the best advice.
Sherlock said clients are receptive to moving to client portals regardless of age. “We use our client portal as our primary communication method our with clients.
Client portals are fast becoming the solution to cybersecurity challenges, driving secure digital interactions with clients and their data. They are enabling financial professionals to securely share documents and reports with their clients, effectively mitigating a business's exposure to cyber threats.
Greg Hansen is executive for group strategy at HUB24.
Recommended for you
With private equity players taking an interest in acquiring Australian financial planning businesses, what are these firms prioritising when evaluating a potential target?
This year there are more reasons than most to start with a fresh perspective when it comes to reshaping investment strategies, writes Dan Farmer.
For many investors, the promise of ESG investing has been evasive and confusion around the term has led to many investors becoming disillusioned with their portfolios, writes Tony Adams.
Advice businesses that directly contract offshore workers are exposed to legal challenges in light of a recent Fair Work Commission decision, writes Danielle Cornelissen, CEO and founder of 5 ELK.
