Financial advisory firms face increasing pressure to protect sensitive client information in an evolving cyber threat landscape

Trust is one of the cornerstones of the financial services industry. Clients rely on financial advisors and wealth managers to help with their retirement savings, investments, insurance plans and other critical financial decisions; those professionals are also expected to provide security for the most personal and confidential information that is entrusted to them.

The importance of cybersecurity is increasing among firms in the wealth management industry; this has been demonstrated by recent reports regarding the alleged data breach at Associated Financial Consultants, a financial services advisory firm located in Florida. According to sources within the dark web, "A data breach and subsequent hacking incident taking place at Associated Financial Consultant and its affiliate, Investor Services, occurred on January 13, 2023", while "The attack was claimed by the Akira ransomware group." Although the company has refused to comment on any such incident publicly, it has been reported that the alleged hackers claim to have taken a large quantity of company data.

Ransomware attacks have become one of the biggest threats to businesses around the world over the last few years. Ransomware groups today often target stealing information before locking firms out of their own computer systems, instead of using traditional methods of cyber-attack that only disrupt operations. By stealing this information beforehand, threat actors can leverage the organizations they're extorting by threatening to release or sell this stolen information if the organization does not meet their ransom demands.

This shift in the way in which ransomware attack organizations has created a new perspective on data security for firms providing financial advice. They now see data security as more than just a technology issue—it's an integral part of their relationship with their clients. Investors and clients expect organizations to have appropriate cybersecurity measures in place, monitor for suspicious activity, and respond appropriately to any potential threats. An organization's ability to demonstrate they take protecting client information seriously can greatly affect how confident their customers are in them and how well they do over the long-term.

Also relevant to this incident at Associated Financial Consultants are issues of transparency when cybersecurity incidents take place. When organizations have realized they may have security issues, it's important that they clearly communicate this to their clients so that they can understand both what actually occurred, what information has been affected, and what steps will be taken to remedy the situation. Being able to communicate well can help ease uncertainty and help maintain clients' confidence in an organization during a difficult time.

As digitization continues in the financial industry, threats posed by cybersecurity are changing. There are many benefits of cloud-based solutions, client portals, remote working and electronically managing documents; however, they may pose new security risks to an organization. Organizations need to continually assess their level of security and adapt to new threats that arise.

The financial regulators are also now looking at how cyber-secure companies are in the financial space. Financial institutions are now required to have security controls around how they will protect customer information and how they will protect the confidentiality of sensitive documents. Businesses that do not adequately protect customer's personal information could face the consequences, including legal, regulatory and reputational consequences.

As indicated in some reports regarding the Associated Financial Consultants investigation, a ransomware group claims to have been in possession of employee, client and partner records that include social security numbers, passports, driver's licenses and commercial documentation. At this time, there has been no confirmation from any reputable source regarding the validity of those claims or how much customer information the parties have been exposed to.

While the investigations are in progress, this incident exemplifies how important cyber security is to today's financial services industry. Financial firms that manage retirement assets, provide insurance guidance, or assist families with their financial futures need to provide personalized service yet have strong data protection methods.

The alleged data breach at Associated Financial Consultants shows that cyber security is a key factor in today's wealth management industry. As cyber threats evolve, firms in the financial services industry must continue to protect their customers' private information while being transparent and keeping the trust that is the foundation of all client relationships.