Cybersecurity top of mind for investment advisors


What's keeping today's investment advisors up at night? Cybersecurity issues. That was one of the takeaways at the Charles Schwab IMPACT 2015 confab in Boston this week, where 1,800 advisors in attendance were offered at least a half-dozen education sessions devoted to online crime and fraud and how to combat it.

The attention turned out to be particularly timely, with IMPACT kicking off Tuesday just as news broke of federal indictments against three men accused of stealing data from 100 million people last year in one of the biggest cybercrimes on record.

MariuszBlach | Getty Images

Not surprisingly, "cybersecurity has become the No. 1 topic" in the financial industry, said Michelle Thetford, vice president of client strategic solutions at Charles Schwab Advisor Services. Indeed, JPMorgan Chase & Co. — a major victim in that cybercrime case — reportedly upped its cybersecurity spending budget to $500 million for 2015. Research firm Gartner predicts global spending on cybersecurity technology will reach $75.4 billion this year.

The Dow Jones news ticker in Times Square in New York.
Dow Jones refutes reported hacking

Such spending is warranted in combating a type of crime that occurs literally at the speed of light, say experts. Cybercrime "is much faster than the normal threat we're used to seeing," said Greg Ruppert, vice president and head of Schwab's Financial Crimes Investigations division, describing cybersecurity as "13 letters, two words — and infinite fear."

"Why are we afraid?" he said. "Two things: We know just enough … to be afraid." Education and preparation can help thwart cybercrime, which Ruppert termed a real and present "threat" rather than a vague "risk." Think code red rather than orange or yellow.

The more you prepare, the less you are going to have to worry about response.
Michelle Thetford
vice president, client strategic solutions, Charles Schwab Advisor Services

For her part, Thetford recommended that investment advisors in the trenches take a three-pronged approach to cybersecurity: Prepare their team and clients for the possibility of online fraud, prevent and detect it, and respond when it is suspected — with the first step being most important.

"The more you prepare, the less you are going to have to worry about response," she said, noting that implementation of proper internal controls can prevent up to 95 percent of potential external fraud the typical financial firm faces.

Participants at a hacking conference.
Here's why companies are still getting hacked

Another key concern for advisors, in particular, is educating investor clients about the differences between online brokerage fraud and simple ID theft.

"If there is a fraudulent disbursement on a brokerage account, that is not handled like a credit card, where it's automatically reimbursed," said Thetford, noting that an advisor, his or her client and the brokerage firm concerned must confer to determine accountability for the loss. "If it be any one of the three in that equation, it is not an automatic reimbursement, and your clients need to understand that difference."