Advice firms up cyber security amid ASIC crackdown



Financial advice firms have told Adviser Ratings they are planning to increase their compliance spend by almost a third, including on cyber security, to reflect a greater understanding of digital risk.
Last week, Insignia Financial experienced a cyber attack on its Expand platform which affected its superannuation members.
It said the incident was conducted by a “malicious third-party” and involved “credential stuffing”, in which an unusual number of login attempts targeted the platform, affecting around 100 Expand accounts.
As a result of the increased regulatory scrutiny on cyber and digital practices, early data from Adviser Ratings’ Landscape Report found advisers are increasing investment in material compliance enhancements – including cyber security – by a substantial 31 per cent.
This includes strengthening existing systems, enhancing staff training, developing and testing incident response plans, and obtaining appropriate cyber insurance coverage.
Research by Numerisk found the average cost of a cyber insurance claim for a financial services organisation is $225,000, with business email compromise accounting for almost half of claims (47 per cent) followed by fund transfer fraud (12 per cent). Small firms typically opt for $1–2 million in limits, rising to $5–10 million for mid-market businesses.
“These financial realities are influencing advice practices’ decisions to redistribute technology spending towards security and compliance rather than new systems.
“With phishing attacks accounting for 79 per cent of the financial services industry’s cyber claims, practices recognise that even basic security measures and staff training can yield significant risk reduction compared to investments in new capabilities.
“Cyber security is no longer just an IT expense – it’s an essential investment in business continuity, client trust, and long-term resilience.”
ASIC has identified cyber security failures by licensees as a major enforcement priority this year and expects licensees to implement and evolve their risk management systems to counter cyber security threats.
In March, it sued FIIG Securities Limited for allegedly failing to have adequate cyber security measures for over four years. This failure led to the theft of approximately 385GB of confidential data, ASIC alleged, with some 18,000 clients notified that their personal information might have been compromised.
One way of ensuring cyber security is up to scratch is by partnering with cyber security specialists who understand the technical aspects of the task and the unique regulatory aspects affecting financial services firms while allowing advisers to focus on their day job.
“Many practices find themselves overwhelmed by rapidly evolving threats, technical terminology, conflicting security recommendations, not to mention the cost (and whether it is reasonable or not),” Adviser Ratings said.
“Rather than attempting to navigate this complex landscape alone, forward-thinking practices are increasingly partnering with dedicated cyber security experts. These specialists can provide tailored risk assessments, implement appropriate security measures proportionate to the practice’s size and client base, and offer ongoing monitoring and support.”