Since advisory firms left their offices in mid-March for an indefinite period of working remotely, industry regulators and cybersecurity experts have been warning about a potential uptick in fraudulent activity and network attacks.
While all firms need to be vigilant about new threats in a time of video meetings and living room offices, the 2020 InvestmentNews Adviser Technology Study presents several findings that underscore the particular vulnerabilities of smaller firms.
The annual study is based on a survey of hundreds of advisory firms that was completed just as most US cities began pandemic-related lockdowns, providing a snapshot of technology in the industry as it entered a new normal. Among other things, the study examines technology policies and practices at firms in different size cohorts.
That may be why the largest firms seem more attuned to the risk. Although about 90% of firms of all sizes had general cybersecurity procedures in place, the biggest firms were more detailed in their documented policies. Most crucially for the new remote work environment, only 43% of solo firms had policies on the use of nonbusiness devices for work, compared with 83% of the largest firms. Although the gaps were not as significant, large firms were also more likely to have encryption on all devices and continuity-of-business plans in place.
Smaller firms have been less likely to experience a breach of client or firm-level information in the past, but experts caution that increased electronic communication and hastily arranged remote work environments have led to a surge in all categories of cyberattacks. For some of these firms, the financial and reputational fallout from a data breach could mean the end of their business. Fewer than half of solo firms have E&O insurance that covers cybersecurity liability without a sublimit, and only 26% own supplemental insurance policies, compared with 75% of the largest firms.
To be sure, a volatile market and an unprecedented disruption to business will make it harder than ever to focus on new technology investments, especially for smaller firms with already limited budgets. But with scammers casting a wider net, every firm will be a target. Every firm, regardless of size or prominence, should be prepared.
For more information on adviser technology, download the If you have any input or ideas for upcoming research, please contact the IN Research team at [email protected]