BALTIMORE, Sept. 16, 2016 /PRNewswire/ -- An overwhelming
majority of financial advisers (81 percent) identify
cybersecurity as a high priority, and yet many lack a clear
understanding of the risks or a path forward to neutralize this
critical issue, according to new data from the Financial Planning
Association's FPA Research and Practice Institute™, sponsored by TD
Ameritrade Institutional.
Despite the fact that seven in 10 advisers say their
clients are at least somewhat aware of the risks associated with
data security, the "Is Your Data Safe? The 2016 Financial Adviser
Cybersecurity Assessment" (www.OneFPA.org/Cybersecurity) reveals
that less than half (44 percent) of advisers
completely agree that they fully understand the issues and risks
associated with cybersecurity. Furthermore, only 29 percent
of advisers completely agree with the statement that they are
"fully prepared to manage and mitigate the risks associated with
cybersecurity."
"Cybersecurity is an issue that advisory firms are grappling
with regardless of their size, and advisers have no margin for
error when it comes to properly protecting their clients' personal
information," said Dan Skiles,
president of Shareholders Service Group and a member of the
Financial Planning Association Board of Directors. "It's clear from
the research that advisers are aware of the risk associated with
cybersecurity threats, but they're not fully confident in their
ability to handle the challenges presented or even on how their
firms should navigate a path forward."
The research shows that advisers are also less confident in
their overall teams' readiness to handle the cybersecurity issues
facing the industry. Only 36 percent completely agree with
the statement that their teams "fully understand the issues and
risks," while 26 percent completely agree their teams feel
confident in the ability to manage and mitigate cybersecurity
risks.
"The reality is cyber fraud is pervasive and advisers cannot
eliminate the threat, but they can reduce their risk. The more that
advisers make themselves familiar with safeguarding systems, adopt
best practices and create a detailed security plan, the more they
can protect their firms and clients," said Bryan Baas, TD
Ameritrade Institutional's director of risk oversight and
control.
FPA, with the support of TD Ameritrade Institutional, will
provide advisers with much-needed, actionable ideas they can
implement to address cybersecurity threats through a series of
whitepapers that will look at how advisers communicate with clients
regarding cybersecurity, how they train their teams on issues
related to cybersecurity, and what tools and technology advisers
use to protect their businesses.
The research explores how advisers and their firms are viewing
the cybersecurity threat to the industry and how advisers are
developing and implementing policies and procedures to guard
against cybersecurity incidents. Additional key findings from the
survey are below.
Policies and Procedures Currently in Place
The research found firms are more likely to have documented
policies and procedures in place around governance and risk
assessment (57 percent of those surveyed), access rights and
controls (59 percent) and data loss prevention (58
percent) than policies and procedures governing training (51
percent), vendor management, and incident response (43
percent for each).
Additionally, of those advisers who have already implemented
policies and procedures to prevent cybersecurity attacks,
access rights and controls (9 percent of respondents)
and incident response (11 percent) were the two areas that
were seen as the least challenging elements of creating and
implementing a cybersecurity plan.
Only one-quarter (26 percent) of advisers completely
agree they're aware of all requirements from the Securities and
Exchange Commission's Office of Compliance Inspections and
Examinations (OCIE) guidelines. Furthermore, just 17 percent
of respondents completely agree their teams are aware of all
requirements, and just 18 percent are very confident they
would pass an OCIE cybersecurity examination if one were
administered today.
Half (49 percent) of advisers say they spent less than
$10,000 over the past 12 months on
external assistance to define and implement policies and
procedures, and another 23 percent spent nothing on
external assistance over the past year. Furthermore, two-thirds of
advisers (65 percent) spent less than $5,000 in the past year or spent nothing at all
on internal resources to define and implement cybersecurity
policies and procedures.
"While advisers and their firms rightly see cybersecurity as a
major threat to the industry, the response efforts are equivalent
to a sprinter who just popped out of the blocks—they know what the
end-goal is and where they're going, but they're just getting
started and may encounter a number of hurdles along the way," said
FPA's Skiles.
Filling the Gaps on Cybersecurity in the Future
The research showed that certain areas of focus appear to be
more pressing among those advisers whose firms do not currently
have policies and procedures in place. Developing and implementing
policies and procedures around data loss prevention was clearly an
area of importance for advisers, as 82 percent say this is
something they're actively working on or plan to address.
Governance and risk assessment, and incident response were also
areas of importance for advisers, with 76 percent and 75
percent, respectively, of advisers saying they're actively
working on or plan to address gaps in policies and procedures
related to these areas.
Conversely, policies and procedures focused on vendor management
appear to fall much further down the list of priorities for
advisers. Forty percent say there are no plans to design
policies and procedures around vendor management, while nearly as
many advisers (39 percent) don't plan to address gaps in
access rights and controls. Policies and procedures around employee
training fell near the middle, with 30 percent of advisers
not planning to address gaps while another 20 percent are
actively developing the lacking policies and procedures.
"We can't stress enough that safeguarding your firm's
cybersecurity could be the most important business decision you
make," said TD Ameritrade's Baas. "Advisers should approach
cybersecurity the same way they approach their client investment
portfolios: you take time to understand client needs, you develop
and implement a plan, and then you continually monitor, review and
modify that plan based on changing priorities, environmental
factors and preferences."
Survey Methodology
1,015 financial adviser respondents from across the country,
including FPA members and non-members as well as TD Ameritrade
Institutional client advisers, responded to an online survey
conducted in June – July 2016 by
Julie Littlechild of
AbsoluteEngagement.com with the majority of respondents identifying
themselves as RIAs. The study's overall margin of error is +/- 3.07
percent. Respondents included those who had overall responsibility
for policies and procedures, those who had executional
responsibility, and those who had both. In-depth questions relating
to the specifics of what is being done were asked of the 55 percent
of advisers who had a role in execution.
About the Financial Planning Association
The Financial Planning Association® (FPA®) is the principal
professional organization for CERTIFIED FINANCIAL
PLANNER™ (CFP®) professionals, educators, financial
services professionals and students who seek advancement in a
growing, dynamic profession. Through a collaborative effort to
provide more than 24,000 members with One Connection™
to tools and resources for professional education, business
success, advocacy and community, FPA is the indispensable force in
the advancement of today's CFP® professional. Learn more about FPA
at OneFPA.org and follow on Twitter at
twitter.com/fpassociation.
About TD Ameritrade Institutional
TD Ameritrade Institutional is a leading provider of
comprehensive brokerage and custody services to more than 5,000
fee-based, independent registered investment advisors and their
clients. Our advanced technology platform, coupled with personal
support from our dedicated service teams, allows investment
advisors to run their practices more efficiently and effectively
while optimizing time with clients. TD Ameritrade Institutional is
a division of TD Ameritrade, Inc., a brokerage subsidiary of TD
Ameritrade Holding Corporation (NASDAQ: AMTD). Brokerage
services provided by TD Ameritrade, Inc., member FINRA / SIPC.
CONTACT:
Ben Lewis, BLewis@OneFPA.org, P: 303.867.7190
Joseph Giannone, joseph.giannone@tdameritrade.com, P: 201-369-8705
To view the original version on PR Newswire,
visit: http://www.prnewswire.com/news-releases/financial-advisers-acknowledge-cybersecurity-threats-but-many-lack-understanding-to-neutralize-threats-facing-the-industry-300329343.html
SOURCE Financial Planning Association; TD Ameritrade
Institutional