Financial cybersecurity breaches: Planning for “when,” not “if”

One in three targeted cybersecurity attacks is successful, according to a recent Accenture study. The same study illustrates that despite companies’ increasing spend in the area—from US$84B globally in 2015 to a predicted US$125B in 2020—attackers are penetrating protections.

As wealth management companies continue to become more digital—advisors and clients using more technologies on more mobile devices—they push to better serve customer needs. Yet, this same digital push puts them at risk for a cybersecurity breach. Several high-profile breaches within the past several years have put wealth management firms in the crosshairs.

As a recent Accenture point of view on cybersecurity in the financial industry points out:

“Despite significant cybersecurity spending over the past several years, many companies are still as exposed as they were before that spend. The Threat Gap—the gap that exists between investments in technology, people and processes to mitigate cybersecurity . . . vulnerabilities—continues to widen. The reasons for that continued exposure vary, but they include a push toward digitalization without the accompanying shift in cybersecurity focus. With each digital door a financial institution opens to better serve clients (mobility, cloud, etc.), new vulnerabilities too often arise. Yet, digitalization is necessary to meet consumer demand for simplified 24/7 access.”

At issue is executives’ confidence in a system that is not working—eight in 10 companies are confident they are adequately protecting customer and company information, according to the Accenture study.

Real-world examples tell a different story.

The U.S. Internal Revenue Service (IRS) said personal information for more than 700,000 American taxpayers was compromised by Russian hackers when the agency’s “Get Transcript” system was hacked in 2016.[1] A U.S bank regulator, the Office of Comptroller of Currency, disclosed unauthorized removal of more than 10,000 records by a former agency employee in 2016.[2]

The Financial Industry Regulatory Authority (FINRA) has made clear its toughened stance on cybersecurity, imposing $14.4 million in fines to a dozen firms for breaches related to the retention of broker-dealers’ and customers’ electronic records.[3] With companies being held responsible for third-party vendors’ actions also, cybersecurity gets more complicated because of the web of relationships within the financial industry.

No firm could afford to put this topic on the back burner. Particularly as most strive to better interact with clients in the digital realm.

As a wealth management firm whose clients are increasingly digitally savvy, how do you continue to offer the benefits of digital while protecting client information and assets?

A few areas come to the fore:

Build a cybersecurity culture. Many enterprise cybersecurity teams still struggle to overcome the gap between the security talent they need and the talent available. In 98 percent of the cases where a breach was not discovered by a security team, it was discovered by an employee. Security is everyone’s job, so training employees matter.

Pressure test security measures to help leaders understand whether they can withstand a targeted, focused attack. Similar in effect to military live-fire training programs, organizations can engage white hat external hackers in “sparring matches” with their cybersecurity teams to assess preparedness and response effectiveness.

Limit access. Many organizations fail to limit internal access to key information, monitor for unusual employee network activities or regularly review access.

To better plan your wealth management firm’s approach to cybersecurity within your larger strategy, email me, Kendra Thompson. I’d be delighted to make the time for a more in-depth conversation.

The post Financial cybersecurity breaches: Planning for “when,” not “if” appeared first on Accenture Capital Markets Blog.