Cybersecurity in Wealth Management: Addressing Emerging Threats; Embracing Effective Solutions

When industry watchers talk about evolution in the wealth management space, they often are referring to technological transformation impacting how business is conducted, for both providers and consumers of these services. Technological innovation, for all of its “wow” factor, is a double-edged sword that can – and should – elicit an “ugh” factor as well. Why? The more bells and whistles in your tech stack, the greater the risk of lapses and exposure to cyberattacks. Industry regulators continue to make cybersecurity a priority, particularly for financial professionals acting in a fiduciary capacity. Because every wealth management enterprise’s digital ecosystem hosts a seemingly endless array of PII (personally identifiable information) and financial data, it is an appealing target for bad players looking to take advantage of cybersecurity shortfalls and infiltrate your world. The damage – reputational, financial and legal – can be irreparable.

Staying ahead of potential threats, or even understanding what those threats are, requires constant vigilance and ongoing surveillance. A comprehensive safety net includes not only preventative measures, but a recovery plan as well. As we saw earlier in the year with the CrowdStrike failure, breaches emanating from inadvertent system flaws are just as dangerous as overtly criminal activities.

To help gauge the state of cybersecurity practices in wealth management, and to identify the cyber threats of most concern for 2025 and beyond, I consulted four experts in the area for their insights and for how their firms are meeting the challenges head-on:

  • Sid Yenamandra, Founder & CEO, Surge Ventures, a SaaS venture studio targeting the financial services and wealth management industries
  • Kevin Sutton, Founder and Chief Technology Officer, AlphaONE Operations, a cybersecurity and IT solutions provider
  • Gregory Wilson, Chief Information Security Officer, Docupace Technologies, a digital back-office workflow and automations provider for the wealth management industry
  • Mike Overdorf, President and Founder, Sycamore Company, which delivers data and functionality to retail and institutional advisory firms for commission processing, compliance supervision surveillance and data analytics 

Sid Yenamandra: Potential cybersecurity issues range from phishing to ransomware to data breaches. A growing cybersecurity vulnerability for advisors and their firms is regulatory non-compliance. The recently implemented SEC amendments to Reg S-P make it more critical than ever that advisors and firms have clearly defined procedures and advanced cybersecurity measures in place. These safeguards must include how a firm plans to protect client data, notify clients of a breach and remediate any impact. The new regulations also require firms to monitor the cybersecurity of their third-party vendors. Data breaches and weak cybersecurity protocols including insufficient vendor due diligence will result in severe SEC penalties going forward. Advisors and firms need to understand where they have data security gaps and work with the right partner to fix them.

Kevin Sutton: Wealth management firms are increasingly vulnerable to cyber threats like ransomware attacks and data compromises. Most advisors believe they are protected from these types of incidents, but many are not. They need more robust security than the typical outsourced IT vendor can provide. At AlphaONE, we protect financial advisors’ businesses and reputations by identifying cybersecurity issues, fixing them before they turn into data breaches and staying one step ahead of malicious actors around the world. We developed our flagship solution, Guardian, as a plug-in to provide the proactive protection many advisors lack. We also help advisors satisfy new SEC rules by providing an incident response system that detects, responds to and recovers from unauthorized access to, or use of, client information.

Gregory Wilson: As a leading wealth solutions provider, Docupace continues to invest in our cybersecurity capabilities as the threats proliferate. The latest threat is the use of Artificial Intelligence to create deepfake voices to attempt to bypass first-party verifications and voice authentication methods, which is one of the newest ways of identifying customers. The rapid increase of ransomware attacks, which are now being used to not only encrypt their data but also exfiltrate it and sell it to other cyber criminals, is growing exponentially, and wealth management firms are prime targets due to the valuable financial data which they possess.

As information security threats continue to evolve, I anticipate several trends will develop for wealth management firms. I expect increased sophistication with AI usage creating more realistic phishing emails, which will make it more difficult for firms and their clients to identify the threat. This phenomenon will lead to more successful attacks and ransomware campaigns against firms of all sizes. Firms should enhance their training programs, implement multifactor authentication for remote users and conduct more frequent security audits, such as penetration tests and vulnerability assessments, to ensure they are able to safeguard their client data as the threat vectors grow.

Mike Overdorf: The Sycamore platform is built upon Salesforce, which puts cybersecurity front and center and is known for its commitment to data protection. This means we leverage Salesforce’s secure cloud environment, ensuring sensitive information, including financial data, is safeguarded with robust cybersecurity. This is one of the primary reasons we built Sycamore on Salesforce. They infuse security into everything they do and have been a great partner in making sure that data running through our platform stays protected. We rest easy knowing that Salesforce has extremely high standards for data security. To fortify Sycamore data even further, we also implement our own layer of cybersecurity controls and best practices. 

Sander Ressler is Co-Owner and Managing Director of Essential Edge Compliance Outsourcing Services, LLC, a strategic consultancy specializing in compliance and regulatory affairs for broker-dealers and registered investment advisers (RIAs).