Advice firms up cyber security amid ASIC crackdown
Financial advice firms have told Adviser Ratings they are planning to increase their compliance spend by almost a third, including on cyber security, reflecting a greater understanding of digital risk.
Last week, Insignia Financial experienced a cyber attack on its Expand platform which affected its superannuation members.
It described the incident as conducted by a “malicious third-party” and involving “credential stuffing”, in which an unusual number of login attempts targeted the platform, affecting around 100 Expand accounts.
As a result of the increased regulatory scrutiny on cyber and digital practices, early data from Adviser Ratings’ Landscape Report found advisers are increasing investment in material compliance enhancements – including cyber security – by a substantial 31 per cent.
This includes strengthening existing systems, enhancing staff training, developing and testing incident response plans and appropriate cyber insurance coverage.
Research by Numerisk found the average cost of a cyber insurance claim for a financial services organisation is $225,000, with business email compromise accounting for almost half of claims (47 per cent) followed by fund transfer fraud (12 per cent). Small firms typically opt for $1–2 million in limits, rising to $5–10 million for mid-market businesses.
“These financial realities are influencing advice practices’ decisions to redistribute technology spending towards security and compliance rather than new systems.
“With phishing attacks accounting for 79 per cent of the financial services industry’s cyber claims, practices recognise that even basic security measures and staff training can yield significant risk reduction compared to investments in new capabilities.
“Cyber security is no longer just an IT expense – it’s an essential investment in business continuity, client trust, and long-term resilience.”
ASIC has identified cyber security failures by licensees as a major enforcement priority this year and expects licensees to implement and evolve their risk management systems to counter cyber security threats.
In March, it sued FIIG Securities Limited for allegedly failing to have adequate cyber security measures for over four years. This failure led to the theft of approximately 385GB of confidential data, ASIC alleged, with some 18,000 clients notified that their personal information might have been compromised.
One way of ensuring cyber security is up to scratch is to partner with cyber security specialists who understand both the technical aspects of the task and the unique regulatory aspects affecting financial services firms, while allowing advisers to focus on their day job.
“Many practices find themselves overwhelmed by rapidly evolving threats, technical terminology, conflicting security recommendations, not to mention the cost (and whether it is reasonable or not),” Adviser Ratings said.
“Rather than attempting to navigate this complex landscape alone, forward-thinking practices are increasingly partnering with dedicated cyber security experts. These specialists can provide tailored risk assessments, implement appropriate security measures proportionate to the practice’s size and client base, and offer ongoing monitoring and support.”

