As we reflect on 2024, one thing is clear: cyber security is not just an IT issue — it’s a pressing concern for financial advisers and their clients. With sensitive client data at stake and cyber threats growing more sophisticated, staying ahead of the curve isn’t just about protection; it’s about building trust and demonstrating value.
The good news
You don’t need to be a tech guru to navigate these challenges. Understanding basic security principles and big-picture trends can help you make informed decisions and give your clients peace of mind.
What did we learn in 2024?
Although generative AI has revolutionised productivity and dominated headlines, it’s also enabled cyber criminals to automate attacks at scale and to craft ever more convincing phishing scams.
Ransomware as a Service (RaaS) - pre-built toolkits sold by highly experienced and organised cybercrime groups - led to a surge in ransomware attacks, as more people were able to enter the cybercrime field without needing significant technical expertise.
The CrowdStrike outage (1) in July, which caused widespread global outages, underlined the need for businesses to be proactive in managing risk, maintaining operational resilience, and ensuring that their cyber security solutions, or suppliers, are not a single point of failure.
Looking ahead to 2025, here’s what advisers need to keep on their radar:
1. Stricter regulations
Governments and regulatory authorities will likely continue to nudge organisations towards better cyber security practices in response to the evolving threat landscape.
Advisers may need to adjust to new compliance standards, focusing on enhanced data protection and more robust incident reporting practices.
2. AI used to automate attacks
Attackers will use AI for automated attacks, sophisticated phishing schemes, deepfake impersonations, and misinformation campaigns. Advisers need to keep on top of AI threats and consider how AI can be used against them, for example to impersonate clients.
3. Growing awareness of data breaches
As data breaches become more common, clients will grow savvier about cyber security. This is a great time to demonstrate how you protect their information by encouraging practices like strong password management, multi-factor authentication (MFA), and recognising phishing and impersonation attempts.
4. Cyber insurance becoming mainstream
With regulators emphasising accountability, more firms will look to cyber insurance to mitigate financial losses from potential breaches. Understanding the policies, what they cover, and the minimal cyber insurance requirements (such as use of MFA) is crucial for advisers.
5. The exploitation of zero-day vulnerabilities
Zero-day vulnerabilities - security flaws that have not yet been identified — will continue to allow attackers to infiltrate systems before fixes are issued, or where companies are slow to apply the advised mitigations. As soon as zero-day vulnerabilities hit the headlines, it's a race against attackers so advisers need to patch quickly to protect their data.
6. Increased focus on supply chain security
Attackers increasingly use third-party suppliers as entry points to other organisations, exposing weaknesses in interconnected systems. Robust supply chain security measures (e.g. annual due diligence) help spot concerns and reduces the risk of disruptions caused by attacks on your suppliers.
How to Stay Ahead
As financial advisers navigate the evolving cyber security landscape in 2025, the key takeaway is clear: proactive engagement is no longer optional - it’s essential.
Cyber threats are becoming more sophisticated, but so are the tools and strategies available to mitigate them. By staying informed about emerging risks like AI-driven attacks, zero-day vulnerabilities, and supply chain security gaps, advisers can better protect their clients and demonstrate their commitment to safeguarding sensitive information.
Embracing regulatory changes, leveraging cyber insurance, and fostering client education will enhance your security, build trust and strengthen relationships.
