Financial advisors surveyed for the 2024 Brokerage Report Card generally believe cybersecurity is important. While restrictive technology measures can sometimes hamper system access, advisors said, keeping clients’ data safe is crucial.
There’s “so much security,” said an advisor in Ontario with BMO Nesbitt Burns Inc. “[They’re] constantly changing and upgrading [cybersecurity measures]. They’re hyper-vigilant about that. I feel very safe with that infrastructure.”
An advisor in Alberta with National Bank Financial Inc. said they use a secure service for document transfers to clients “[and do] everything we can to protect that info.”
Advisors with smaller firms expressed similar sentiments.
“We have regular training that [is] mandatory,” said an Odlum Brown Ltd. advisor. “They’re very stringent on keeping our staff trained and well-prepared.”
Debra Doucette, president and CEO of Odlum Brown, said the firm has markedly increased its investments in cybersecurity over the past decade.
Advisors surveyed for the Report Card rated their confidence in their firms’ efforts to increase security and combat cyberattacks in a supplementary question. The 632 advisors across 14 firms gave an average rating of 9.1 out of 10.
The consensus that cybersecurity training has increased coincided with the increased prevalence of remote work and awareness of the harm that can be wrought by data breaches.
An advisor with Raymond James Ltd. in Ontario said they believe spending on cybersecurity has increased at the firm. “They are always bringing out more software and training, especially with the remote work stuff. They keep us up-to-speed [to] keep clients protected.”
Another advisor with Raymond James, in Alberta, perceived the firm’s switch to laptop usage in recent years as a reason to increase security. They noted “constant reevaluation and constant improvement in security, [and] a whole variety of things they do to improve security on client accounts.”
An advisor with iA Private Wealth (iAPW) in British Columbia believed the firm’s cybersecurity investments and efforts were sufficient. Still, they said, “I think this budget needs to continue to grow [at all firms] because this is a problem throughout the industry.”
Challenges can arise when a firm and its advisors use several systems. “Two-factor authentication on all systems [has been] implemented, but the problem is that we have too many systems so there are a lot of password errors,” said an advisor with iAPW in Atlantic Canada. While they liked their cloud-based access, this advisor added, “My concern is mostly with [other] advisors, in that their systems are not completely controlled by [the firm].”
iAPW is one of the firms in the Report Card that allows advisors to choose some of their own client relationship tools and financial-planning platforms (the firm is not rated in these areas).
But great care is still taken, said Liz Lepore, vice-president of advisor and client experience and practice management with iAPW: “Everything goes through a cybersecurity validation check [and] there’s an entire team at iAPW that is dedicated just [to security] across the organization.”
Several advisors expressed interest in learning about what their firms are doing to prevent attempted hacks.
For example, an advisor in Ontario with Raymond James toured the company’s U.S. cybersecurity facility during its May 2023 advisor conference. “We have something that looks like NASA. [There’s] a screen where you can watch the attacks coming in and it’s constant. They spend millions every year,” the advisor said.
Raymond James CEO Jamie Coulter told Investment Executive in March that this centre has existed in its current form for more than 10 years, operating 24/7.
Despite firms’ investments to keep out hackers, some advisors pointed to human error as a major threat.
“There’s no shortage of training, so if someone doesn’t know [cybersecurity], that’s on them [and] not the company,” said an advisor with CIBC Wood Gundy Inc. in Ontario.
An advisor with Leede Jones Gable said running tactics such as firm-led phishing tests is valuable, “but it doesn’t stop people from being stupid.”
Some cybersecurity tools can become barriers for advisors.
One advisor in Ontario with ScotiaMcLeod Inc. said they couldn’t access certain work-related websites, such as LinkedIn, due to their firm’s security system. Another ScotiaMcLeod advisor described situations in which files sent by clients were restricted by the firm’s system, making them difficult to accept and open. “That’s an industry-wide problem,” the advisor said.
Todd Barnes, senior vice-president and head of ScotiaMcLeod, said cybersecurity was “a massive focus and priority,” with “institutional level” efforts made to protect the enterprise, clients and stakeholders. For advisors to send and receive client documents, “We offer two bank-approved secure platforms: Secure Email and SecureShare through ScotiaOnline,” Barnes said.
Heightened security protocols can lead to stilted system access and require frequent training sessions, but most advisors are on board, even if reluctantly.
Said one Wellington-Altus Private Wealth Inc. advisor: “I kind of dread all the [cybersecurity] stuff I get and all the training, but I recognize it’s to help us in terms of [avoiding] phishing and all that. [There’s] more than I want, which I guess is good.”
This article appears in the June issue of Investment Executive. Subscribe to the print edition, read the digital edition or read the articles online.