
Cyber security is an issue that is rarely out of the headlines. Studies show 60% or more of small businesses close within six months of a data loss, so this is something to be constantly vigilant about.
A recent study from global security group Kroll, entitled The State of Cyber Defence 2023: Detection and Response Maturity Model, collected feedback from 1,000 global cyber security leaders and makes for chilling reading – not least because if a firm is large enough to have a global cyber security leader they should be on top of their cyber security needs.
The reality is anything but, with the report providing clear evidence of a very significant gap between large firms’ perception of their cyber capability and their actual resilience.
You would hope our largest financial institutions would treat protection of client data as crucial but, as anyone who does any amount of work in the workplace pensions market knows, the truth is totally different.
How many times have you come across a pension provider distributing electronic statements or similar information that is password protected, while saying in the accompanying message that the password for the attachment is the client’s date of birth or some equally simple piece of information all too easily accessible on the dark web?
Earlier this year, the so-called MOVEit hack was identified. This involved hackers gaining access to a widely used piece of data transfer software but, instead of seeking to ransom the software providers, they just accumulated the data that was being moved over it.
According to TechCrunch, this has impacted more than 60 million people across 1,000 organisations.
TechCrunch says 84% of these were in the US, 3.6% in Germany, 2.6% in Canada and 2.1% in the UK.
Personally, I suspect the UK data is very conservative as one of the organisations hacked was a major payroll systems provider. As a result, many of the largest businesses in the country are now facing class actions from their own employees. Try googling ‘Moveit hack UK class action’ and you’ll be amazed by the names impacted.
This is an area where technology suppliers could play a valuable role in supporting their adviser customers. Firms like this have – or perhaps I should say ‘should have’ – the ability to help advisers manage many of these cyber security risks.
I see a strong case for the establishment of a whitelist of tech suppliers that have been properly audited and continue to implement every possible protection. While it is certainly true advisers must take responsibility for data in their businesses, there must also be a strong case for tech suppliers building services to help them address these ever-growing risks.
In the meantime, AdviserSoftware.com recently launched an updated version of its cyber security guide for advisers, which can be downloaded here. Stay safe everybody.
Ian McKenna is founder of FTRC