Financial advisors should expect to be held responsible and liable for cybersecurity of clients’ financial data, Mark Hurley told attendees at the T3 annual conference in Tampa today. The presentation was based upon a whitepaper his company, Digital Privacy & Protection, released today
A survey of attendees found that only 25% of advisors at T3 currently are providing cybersecurity services for their firms. Given all the financial data they work with, that's a huge problem.
Hurley, the former CEO of Undiscovered Managers and Fiduciary Network, created a new cybersecurity business, Digital Privacy & Protection, for financial advisors and affluent individuals several years ago so he has a direct interest in the problem. His message to advisors is that cybertheft is only the latest risk their clients face. Others include wealth risk, property risk, health risk and various other legal risks.
Hurley himself has played a prominent role in the evolution of the advisory business. He sold Undiscovered Managers to JP Morgan Asset Management in 2004 and remained on cordial terms.
In 2007, he started Fiduciary Network with Howard Milstein of Emigrant Bank and, within a few years, their relationship deteriorated. Eventually, Milstein bought Hurley out in 2018 and the two men wound up in arbitration. The case is currently under appeal.
Cybertheft is a $10.5 billion business that is bigger than the global drug trade, Hurley claims. Since the pandemic began, it has climbed 600%.
Advisors need to tell clients that “you are going to get hacked. Get over it,” he said in an interview. The key to minimizing the damage for affluent Americans “is to compartmentalize their information,” as that makes it faster to fix a data breach.
Advisors also need to review their agreements with their custodians and broker-dealers and many have inserted legal fineprint that absolves of much of the financial liability should they get hacked. But the problem goes far beyond clients’ brokerage accounts.
Already, there are reports that custodians have terminated relationships with RIAs and sent letters to clients warning them that their advisor has inadequate cybersecurity. These custodians have advised clients to seek another advisor, Hurley says he was told.
One in three Americans has been the victim of identity theft, according to research. Cyber-criminals “don’t have to hack clients’ accounts; they can just steal their identity,” Hurley says.
About 50% of the victims are children who often tend to be cavalier with their data. It is vital for affluent Americans to protect childrens' privacy and safety since 29% have been stalked.
Among the most popular items of private data for cyber thieves are credit cards, tax returns and health insurance information. These criminals are becoming increasingly sophisticated in the methods they use to attack their victims. "They will come after a lawyer differently than an engineer," Hurley said.
Because they reside at the nexus between hundreds of clients and their money, financial advisors and their employees are extremely desirable targets. Several of the nation's biggest law firms, including Covington & Burling and Cravath, already have been victims of debilitating hacks.
In the next few years, Hurley believes it is advisors' interest to offer cybersecurity services to clients. "It's relatively easy and it helps the client relationship," he said., "It's also in advisors' interest and it help justify ongoing fees."
The downside of not offering cybertheft protection is equally obvious. "What's an advisor going to day after a client get hacked? Tell them it's not my job?" he asked rhetorically.