Just three years ago, only 6% of advice firms considered cyber security to be one of the most important challenges to their business¹. Today, across all firms, cyber security is seen as one of the top four business challenges overall². In fact, for larger advice firms, it’s the number one concern.

What has prompted this change? Firms are now much more aware of the threats posed by phishing attacks, email scams and data breaches. In addition, a rapid and unplanned shift in working practices due to the Covid pandemic has changed the risk profile of many firms. This has increased the likelihood of an attack.

The good news is, certain key measures can be taken by all advice firms to address the biggest risks.

Five considerations for advice firms on the cyber security threat

1. People

With businesses investing more in security technology, the best way in for criminals is often through staff. It’s therefore important that everyone within a firm understands their security responsibilities and follows simple cyber hygiene practices.

2. Dedicated responsibility for information security

There’s an emerging trend for firms to bring the IT function in-house, rather than use an outsourced provider. This reflects the expanding role of technology in delivering the advice proposition.

3. Secure communications with clients

NextWealth’s research indicates 70% of advice firms are now using client portals that offer the ability to securely communicate and share documents with clients.

4. Secure communications with providers and platforms

Covid has accelerated the adoption of paperless processing and eSignatures for many providers. However, in some organisations, advisers still have to send and receive client information by less secure means, including post.

5. Regulation and self-certification

Given the risk posed to both client data and business continuity by cyber security threats, some in the industry expect to see more regulation in this area, perhaps in the form of self-certification for advice firms. This could be to standards like Cyber Essentials.

Three steps to take to reduce business cyber risk


  • Cyber Essentials – visit the NCSC Cyber Essentials website and read through the self-assessment criteria. The vast majority of common cyber attacks are looking for targets that do not have these criteria covered. Following this framework will provide a view on the organisational security level and provide reassurance to clients that you are securing your business against cyber attack.
  • Enable two-factor authentication – two-factor authentication means adding a level of security to your systems to ensure that someone accessing them has to provide a second form of identification (in addition to their password) to prove they are who they say they are. Having this in place decreases the risk of unauthorised access to your systems and data.
  • Use a password manager – use a password manager at your firm that securely holds all of your various business account passwords and alerts you to any breaches. These applications also promote good password management practices and can help you create and securely store strong and complex passwords.


Addressing cyber security risk does not need to be overly complicated. There are simple steps that businesses can take, some of them free of charge, to get an essential level of protection in place. The key is that firms view cyber security as a core component of business risk and business planning and that it is regularly revisited and kept front of mind for all staff in the firm.

1 Source: Fidelity FundsNetwork’s ‘Business challenges facing financial advisers’ report.
2 Source: NextWealth’s Financial Advice Business Benchmarks 2021 (September 2021).