"Cybersecurity is an issue that advisory firms are grappling with regardless of their size, and advisers have no margin for error when it comes to properly protecting their clients' personal information," said Dan Skiles, president of Shareholders Service Group and a member of the Financial Planning Association Board of Directors. "It's clear from the research that advisers are aware of the risk associated with cybersecurity threats, but they're not fully confident in their ability to handle the challenges presented or even on how their firms should navigate a path forward."
The research shows that advisers are also less confident in their overall teams' readiness to handle the cybersecurity issues facing the industry. Only 36 percent completely agree with the statement that their teams "fully understand the issues and risks," while 26 percent completely agree their teams feel confident in the ability to manage and mitigate cybersecurity risks.
"The reality is cyber fraud is pervasive and advisers cannot eliminate the threat, but they can reduce their risk. The more that advisers make themselves familiar with safeguarding systems, adopt best practices and create a detailed security plan, the more they can protect their firms and clients," said Bryan Baas, TD Ameritrade Institutional's director of risk oversight and control.
FPA, with the support of TD Ameritrade Institutional, will provide advisers with much-needed, actionable ideas they can implement to address cybersecurity threats through a series of whitepapers that will look at how advisers communicate with clients regarding cybersecurity, how they train their teams on issues related to cybersecurity, and what tools and technology advisers use to protect their businesses.
The research explores how advisers and their firms are viewing the cybersecurity threat to the industry and how advisers are developing and implementing policies and procedures to guard against cybersecurity incidents. Additional key findings from the survey are below.
Policies and Procedures Currently in Place
The research found firms are more likely to have documented policies and procedures in place around governance and risk assessment (57 percent of those surveyed), access rights and controls (59 percent) and data loss prevention (58 percent) than policies and procedures governing training (51 percent), vendor management, and incident response (43 percent for each).
Additionally, of those advisers who have already implemented policies and procedures to prevent cybersecurity attacks, access rights and controls (9 percent of respondents) and incident response (11 percent) were the two areas that were seen as the least challenging elements of creating and implementing a cybersecurity plan.
Only one-quarter (26 percent) of advisers completely agree they're aware of all requirements from the Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) guidelines. Furthermore, just 17 percent of respondents completely agree their teams are aware of all requirements, and just 18 percent are very confident they would pass an OCIE cybersecurity examination if one were administered today.
Half (49 percent) of advisers say they spent less than $10,000 over the past 12 months on external assistance to define and implement policies and procedures, and another 23 percent spent nothing on external assistance over the past year. Furthermore, two-thirds of advisers (65 percent) either spent less than $5,000 in the past year on internal resources to define and implement cybersecurity policies and procedures or spent nothing at all.
"While advisers and their firms rightly see cybersecurity as a major threat to the industry, the response efforts are equivalent to a sprinter who just popped out of the blocks—they know what the end-goal is and where they're going, but they're just getting started and may encounter a number of hurdles along the way," said FPA's Skiles.
Filling the Gaps on Cybersecurity in the Future
The research showed that certain areas of focus appear to be more pressing among those advisers whose firms do not currently have policies and procedures in place. Developing and implementing policies and procedures around data loss prevention was clearly an area of importance for advisers, as 82 percent say this is something they're actively working on or plan to address. Governance and risk assessment, and incident response were also areas of importance for advisers, with 76 percent and 75 percent, respectively, of advisers saying they're actively working on or plan to address gaps in policies and procedures related to these areas.
Conversely, policies and procedures focused on vendor management appear to fall much further down the list of priorities for advisers. Forty percent say there are no plans to design policies and procedures around vendor management, while nearly as many advisers (39 percent) don't plan to address gaps in access rights and controls. Policies and procedures around employee training fell nearly in the middle, with 30 percent of advisers not planning to address gaps while another 20 percent are actively developing the lacking policies and procedures.
"We can't stress enough that safeguarding your firm's cybersecurity could be the most important business decision you make," said TD Ameritrade's Baas. "Advisers should approach cybersecurity the same way they approach their client investment portfolios: you take time to understand client needs, you develop and implement a plan, and then you continually monitor, review and modify that plan based on changing priorities, environmental factors and preferences."
A total of 1,015 financial advisers from across the country, including FPA members and non-members as well as TD Ameritrade Institutional client advisers, responded to an online survey conducted in June – July 2016 by Julie Littlechild of AbsoluteEngagement.com, with the majority of respondents identifying themselves as RIAs. The study's overall margin of error is +/- 3.07 percent. Respondents included those who had overall responsibility for policies and procedures, those who had executional responsibility, and those who had both. In-depth questions relating to the specifics of what is being done were asked of the 55 percent of advisers who had a role in execution.
About the Financial Planning Association
The Financial Planning Association® (FPA®) is the principal professional organization for CERTIFIED FINANCIAL PLANNER™ (CFP®) professionals, educators, financial services professionals and students who seek advancement in a growing, dynamic profession. Through a collaborative effort to provide more than 24,000 members with One Connection™ to tools and resources for professional education, business success, advocacy and community, FPA is the indispensable force in the advancement of today's CFP® professional. Learn more about FPA at OneFPA.org and follow on Twitter at twitter.com/fpassociation.
About TD Ameritrade Institutional
TD Ameritrade Institutional is a leading provider of comprehensive brokerage and custody services to more than 5,000 fee-based, independent registered investment advisors and their clients. Our advanced technology platform, coupled with personal support from our dedicated service teams, allows investment advisors to run their practices more efficiently and effectively while optimizing time with clients. TD Ameritrade Institutional is a division of TD Ameritrade, Inc., a brokerage subsidiary of TD Ameritrade Holding Corporation (NASDAQ: AMTD). Brokerage services provided by TD Ameritrade, Inc., member FINRA / SIPC.
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/financial-advisers-acknowledge-cybersecurity-threats-but-many-lack-understanding-to-neutralize-threats-facing-the-industry-300329343.html
SOURCE Financial Planning Association; TD Ameritrade Institutional