Why wealth management firms are investing in their own cybersecurity

Holding personal data on high net-worth individuals and conducting large financial transactions make wealth management an attack target, and management is starting to take it seriously.

Multiple exposure of a suited professional/globe/city with abstract financial data/currency symbols.
Metamorworks / Getty Images

As custodians of large amounts of money and data on high net-worth individuals, wealth management firms can make appealing targets for threat actors. Twenty percent of cyberattacks reported to the UK’s Financial Conduct Authority (FCA) in 2018 were targeted at the wholesale and investment management sector. Yet the sector has only recently been making large-scale efforts to improve its cybersecurity.

Wealth management and cybersecurity

Wealth management firms, which are often small, may be a niche part of the financial sector, but are still subject to cybersecurity threats. “Wealth managers don’t typically have the same concerns as average consumer banking businesses,” says Ray Irving, managing director of global business services at the Financial Services Information Sharing and Analysis Center (FS-ISAC). “Customers are less likely to use online banking portals and therefore criminals have less opportunities from the customer side.”

Despite the customer behavior being slightly different, wealth management has been keen to embrace digital transformation. The Personal Investment Management and Financial Advice Association (PIMFA) reports that 95% of wealth management firms either had or were in the process of creating a digital strategy in 2019, up from 80% the year before.

High-capital financial organizations such as wealth management or private equity firms make appealing targets for threat actors, though Irving adds that many wealth management firms manage but don’t necessarily hold the wealth – which may be investments as opposed to liquid assets such as savings – meaning there may be less readily available cash for attackers to siphon away from the company. They hold large amounts of data on wealthy individuals, however, and a KPMG report found that most incidents suffered in the sector have involved client data theft or data loss.

To continue reading this article register now

The 10 most powerful cybersecurity companies