Advice firms represent data ‘treasure chest’ for hackers

AFA cyber attack RI Advice hacking

4 August 2022
| By Laura Dew |
image
image
expand image

Advisers should not be complacent about cyber attacks, even if they are a small firm, as they are sitting on a volume of valuable data for a hacker.

In a webinar, AFA national chair, Ashley Mahadeea, and Fraser Jack, founder of the Cyber Collective Australia, discussed the biggest threats to cybersecurity for advice firms.

“Financial advice firms are 300x more likely to be hacked than other firms, it’s a valuable treasure chest of information. Clients give so much information because they trust the adviser to look after it and that would be very valuable for a hacker.

“Data is an extension of a person’s life and an adviser should look after the data just as they would look after the client.”

If data was extracted from an advice firm’s practice, clients’ identities and accounts could be stolen for gambling or drug syndicates or tax returns could be amended among other problems.

As to what advisers needed to do if an attack happened, Jack said there were multiple agencies that advisers were obligated to contact.

“Number one, they are obligated to let their clients know that their information has been taken, especially if it’s credentials so they can update their passwords and protect them. Then there’s reporting obligations for breaches within the Corporations Act that’s about notifying their licensee and reporting obligations for other government agencies

“So there is a lot of requirements to report and advisers have to fall on their sword and tell their clients that they were unable to protect them when they gave you trusted information.

As to what firms should do, Jack said it should be a high priority for them as there could be high fines and litigation costs if a firm was found to not have taken reasonable steps to prevent against an attack.

Earlier this year, the regulator warned cybersecurity breaches could incur penalties as high as $525 million while it made its first cyber attack ruling in May regarding RI Advice. RI Advice was found to have breached its license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cybersecurity risks.

Jack said: “Licensees will be coming to advisers, if they haven’t done so already, to provide evidence they are doing the right thing because they need to report it to the regulator. The stakes are high because they could lose the trust of their clients, they could lose their business and lose their reputation.

“The cost of putting something like this in place is less than 1% of their turnover and less than 1% of their time so it’s not a big cost to implement.

“The stakes are too high, the chances of it happening are very high and the cost to fix it is reasonably low.”

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

Completely agree Peter. The definition of 'significant change is circumstances relevant to the scope of the advice' is s...

3 weeks 5 days ago

This verdict highlights something deeply wrong and rotten at the heart of the FSCP. We are witnessing a heavy-handed, op...

1 month ago

Interesting. Would be good to know the details of the StrategyOne deal....

1 month ago

Insignia Financial has confirmed it is considering a preliminary non-binding proposal received from a US private equity giant to acquire the firm. ...

1 week 3 days ago

Six of the seven listed financial advice licensees have reported positive share price growth in 2024, with AMP and Insignia successfully reversing earlier losses. ...

6 days 1 hour ago

Specialist wealth platform provider Mason Stevens has become the latest target of an acquisition as it enters a binding agreement with a leading Sydney-based private equi...

5 days 5 hours ago