The JConnelly Blog



Written by Ray Hennessey
on July 25, 2017

Why Every Wealth Manager Needs a Cyberattack Crisis Plan

When it comes to a cyber breach, it’s a matter of “when” not “if.”

If you’re a wealth-management firm, you will be attacked. That’s a given. After all, you hold what most cybercriminals want: the most sensitive and personal details of the wealthiest people in America. Those attacks are persistent, pervasive and not easy to detect. Scariest of all, there’s a strong likelihood that your firm is already under some form of attack.

That raises the odds that one attack will lead to a successful breach.

All cyberattacks are bad, but ones that affect financial intermediaries have the potential to ruin an advisor’s practice. Competition for clients is fierce, and a good client relationship is built on protection and trust – two feelings that immediately can disappear when data is breached. Clients, and their assets, will walk if they don’t feel safe.

That is why having a plan in place to handle the communications around this crisis is so vital. In fact, every wealth manager needs to have a separate crisis plan to deal with the potential of a cyber breach.

For the most part, all the elements of a standard crisis plan need to be a part of your cyber plan. But there are specific elements for a cyber security plan that need to be incorporated:

Understanding of State Laws

Traditionally, most advisors are concerned with federal regulations. But there is no overarching federal law covering a data-breach response. However, 48 states (with the exception of Alabama and South Dakota) have laws that govern your communications in the event of a breach. Each state defines what types of data are covered by the laws, what constitutes personal information and what you are required to disclose. Understanding your home state’s requirements, and those of your clients, is important, so it is vital you engage a law firm that knows breach-disclosure laws and can help guide the communications plan.

Client-Centered Communications Plan

The way to maintain your clients’ trust is to be forthright with them. That means ensuring you have a plan in place to be the first person to notify them of the breach. Too often, news of a cyber breach at most companies is delivered through the media. Given the depth of your relationship with your clients, and the importance of maintaining their trust, you need a plan to reach out to them in the quickest and most efficient way.

Coordinated Response

In addition to the public relations and law firms you need to retain to help develop your crisis response, your cyber team needs to include two other groups of professionals: a cybersecurity firm to assess and monitor your ongoing security (after all, the best way to deal with a crisis is to avoid one in the first place), and your accounting firm (preferably with forensic specialties) to support your response. Forensic accounting professionals can manage document control, data preservation and recovery, and analysis. Your communications team should seek feedback from all the firms helping you when crafting your plan.
