It seems every boardroom conversation I have recently touches on a challenge that crosses industries, but is particularly top of mind for wealth management companies: cybersecurity.
It’s no wonder, with recent headlines in major news outlets, such as “Is your wealth manager a target for a cyberattack?” Add to that million-dollar fines for data breaches and this month’s comments by SEC Chair Mary Jo White that cybersecurity is the biggest risk facing financial firms: “What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks.” 
What Ms. White points out is an expensive proposition. As Chris Thompson, Accenture Financial Services Cyber Risk and Resilience Practice lead, put it: “The average annual cost of cyberattacks for financial services firms is $20 million. How many $20 million dollar attacks can you afford?”
I see most wealth management executives coming to terms with a hard truth: a cyber-breach is no longer an “if” but a “when.” The safest game plan is likely to assume your virtual walls will be breached, and to make sure your cybersecurity plan covers a quick shutdown of the affected area, with backup plans that let business continue as normally as possible.
So many firms are already entrenched in an ecosystem of partners, which is beneficial for business but tough on their risk profile. Your partners’ cyber risk has become yours, and this fact is making many of you understandably nervous. The potential entry points for a breach have gone up exponentially as ecosystems continue to form, and many of them sit outside your typical purview.
Accenture counsels cyber resilience, which we define by two questions: how quickly can you stem a breach and get back to all systems go, and how well can you contain the damage through an almost immediate response to any intrusion?
One of the first questions our experts ask is whether your technology systems and infrastructure are integrated with general operational risk management efforts. Operational risk, and the appetite for it versus the normal conduct of business, is a key concern for many of the executives I speak to in my travels. And yet, most do not have an end-to-end framework in place that connects the Chief Risk Officer, Chief Information Officer and Chief Operating Officer.
In many financial firms, despite significant cybersecurity spending over the past several years, critical information is still at high risk of exposure. As the industry digitalizes to meet consumer demands, each digital door a financial institution opens to better serve clients (mobility, cloud, etc.) also opens new vulnerabilities.
We think financial firms need to take a broader, intelligence-based approach to cybersecurity, factoring in new threats such as the geopolitical climate, third-party risk and exposed insiders. And executive teams need to double down on insisting cybersecurity is baked into the business (products, services and digital investments) to help foster sustainable cyber-resilience.
Stephen Culp, Senior Managing Director for Accenture Finance & Risk Services, offers a video series on building cyber resilience. He covers, among other things, how to protect your firm from one of the largest threats currently looming: corporate espionage and insider threats.
[I] Reuters, “SEC says cyber security biggest risk to financial system,” May 18, 2016. Retrieved June 16, 2016 from: http://www.reuters.com/article/us-finance-summit-sec-idUSKCN0Y82K4