According to the latest government statistics, 43% of businesses reported experiencing a cyberattack in the past 12 months – including some advice firms.
To help firms improve their data security and resilience, the Information Commissioner’s Office (ICO) has published practical tips for small businesses.
Cybercriminals don’t just target airports, banks, or high street retailers – they are equally willing to disrupt smaller businesses. Financial services firms are prime targets, as they hold detailed client data.
The most common types of cybercrime are:
- Malware: Malicious software installed after a user clicks a harmful link or downloads an attachment. It can spy on online activity and steal data
- Ransomware: Software that blocks access to systems and data until a ransom is paid
- Email account takeover: When a fraudster gains access to a genuine email account (often via phishing), leading to data breaches, diverted funds, or misuse of personal data
- Distributed denial of service: Attacks that overwhelm websites, often accompanied by extortion
Current cyberattack trends include the use of malware targeting browser extensions and password managers, social engineering tactics such as vishing (voice phishing), and the exploitation of AI to create deepfakes.
Reports are on the rise
Government data shows that while overall levels of cybercrime have remained steady over the past year, ransomware attacks have doubled, rising from 0.5% to 1% of reported incidents.
We are receiving more reports of cyber incidents, including requests for guidance on reporting procedures and external IT support. Several advice firms have experienced ransomware attacks, typically exploiting staff trust or security weaknesses.
In practice, these attacks often follow this pattern: A phishing email with a malicious link is sent to the firm. A staff member clicks the link. Systems are locked, and a ransom is demanded. The firm loses 5–40 workdays resolving the issue.
Financial losses typically range from £50k–£250k due to disrupted services and lost client access.
Some firms pay the ransom; others do not. Losses may be partly recovered through professional indemnity or cyber insurance.
Consequences vary, but the disruption is always significant. Cyber incidents don’t just pose operational risks. They can also damage a firm’s reputation and erode client trust, both critical in financial advice.
Advisers are expected to demonstrate resilience under the FCA’s operational resilience framework and ensure data security as part of Consumer Duty. Data breaches may also need to be reported to the ICO within 72 hours.
Most firms we work with have taken steps to reduce exposure to cybercrime, though some have yet to address even the basics. Fortunately, resources are widely available.
For tailored advice, firms should engage a cybersecurity specialist to carry out a risk assessment and identify specific vulnerabilities.
It’s also important to review your professional indemnity and cyber insurance cover to ensure policies include scenarios such as ransomware, phishing, and data breaches.
Cybersecurity is not just about operational resilience, it’s about client protection. Safeguarding client data is integral to delivering good outcomes and avoiding foreseeable harm.
Firms that fail to address the basics may face regulatory scrutiny under Consumer Duty.
How to guard against cyberattacks
Looking ahead, cyber threats are evolving rapidly, with AI-generated phishing emails becoming harder to spot. We recommend firms review their cyber resilience at least annually as part of compliance and operational risk planning.
Cybersecurity specialists agree that getting the basics right will prevent the majority of attacks. The ICO recently published updated guidance for small firms, building on advice from the National Cyber Security Centre.
These simple steps are achievable for firms of any size:
- Regularly back up data and store backups separately from your main workplace. If possible, encrypt them and test them. Ensure backups are not connected to live systems
- Use strong, unique passwords, and enable multi-factor authentication wherever possible
- Be mindful of conversations and screens when in public places
- Train staff to recognise phishing attempts, which are increasingly sophisticated
- Verify suspicious messages directly with the sender
- Get reputable anti-virus and malware protection and keep it updated
- Protect devices when unattended, i.e. lock screens when stepping away
- Store devices securely if left for longer periods
- Avoid using public Wi-Fi or use a VPN to protect data
- Limit access to information. Suspend access promptly when staff leave or are absent long term
- Take care when sharing. Before screen-sharing, close unnecessary windows and disable notifications
- Retain data only as long as needed
- Dispose of old equipment securely and remove all data beforehand
Jane Greenwood is head of policy and technical at business management consultancy threesixty