What will it take to scare firms into action?
By Ian McKenna
Every time I meet Brian Edelman, chief executive of FCI Cyber, I am petrified by what he tells me. But I am also reassured by the knowledge he shares, as I can act on it.
This year, Edelman stressed key issues crucial to protecting customers. While the Financial Conduct Authority is not currently as demanding as the US Securities and Exchange Commission when it comes to an adviser’s cyber security, it is a matter of when, not if, this will change. The industry must prepare now for more stringent regulations.
Perhaps the most significant message is that cyber criminals now recognise what a good target advice firms are. They hold valuable data and, by their smaller nature, are more vulnerable than larger organisations. They are being explicitly targeted for attack.
Edelman stressed the importance of using the cyber security settings you already have. Most systems have strong protections but people do not use them. Have you configured and applied all you can in your email software, for example?
The end connection to the customer is a frequent vulnerability and if this endpoint is not secure, it undermines all the good things you might have done up until then. Advisers must use either secure client portals (probably the best option) or encrypted email for client communications.
Cyber security requires constant vigilance. A recent study found 70% of small businesses that suffer a large data loss close within a year and only 4% of advice firms have cyber insurance. It’s time to act.