A cyber attack is like an iceberg in that you can usually see the tip of the danger in advance but feel the full force only when it hits you. As a topic it is also cyclical, as it is very much on people’s minds in one season and not in others.
After writing this month’s cover feature, on how advice firms are doing with cyber security, I discovered my own could be better. As for firms, the answer is mixed. Bigger advice firms are better resourced and financed than their smaller counterparts.
This is unsurprising, but what is remarkable — to a layman like me — is that a major hack of a sizeable advice firm has not yet occurred.
Or maybe it has, but no one has discovered it. This is one of the most troubling aspects of cyber crime when you read about recent examples. There is usually a lag of three to four months between the initial breach and the report to authorities and clients.
This trend has occurred in other sectors, such as healthcare and the airlines — and in pensions, most worryingly for advisers.
In March this year, Capita — which administers the country’s largest private pension plan, the Universities Superannuation Scheme (USS) — was compromised. Media reports said the USS estimated that hackers might have stolen pension details from 470,000 members, which had been stored on Capita’s servers.
The breach was serious enough for The Pensions Regulator to write to trustees of schemes that used Capita as an administrator, to ask if their members’ details were at risk.
The fact that both retirement and estate planning are such large chunks of advice firms’ revenue stream means those firms should be sensitive to that client data.
These reported incidents are backed up by some surveys. According to recent research from encryption tool NordLocker, the financial sector faced a considerable surge in ransomware attacks last year, with a total of 120 incidents reported.
This increase pushed the sector to become the second most-targeted industry, globally, in 2022. In the past, the manufacturing, construction and transportation sectors were consistently among the most-targeted industries for such attacks.
In 2022, US-based companies bore the brunt of these attacks, with 58 incidents reported. The UK followed with seven attacks, while Canada and Germany each had four. In contrast, in 2021, the US experienced 69 attacks, the UK six, and Canada and France five each. The notorious Russia-linked ransomware gang, LockBit, was behind most of the attacks on the financial sector in both years.
Finally, this is my last MM editorial as acting editor. Katey Pigden will have returned by the time you read this July/August issue.
I’d like to thank the editorial team for all their support over the past year. They have helped me steer the ship, and we all welcome Katey back to the helm!
Michael Klimes is acting editor. Contact him at: michael.klimes@moneymarketing.co.uk
This article featured in the July/August 2023 edition of MM.