Advice firms up cyber security amid ASIC crackdown



Financial advice firms have told Adviser Ratings they are planning to increase their compliance spend by almost a third, including on cyber security, to reflect a greater understanding of digital risk.
Last week, Insignia Financial experienced a cyber attack on its Expand platform which affected its superannuation members.
It described the incident as conducted by a “malicious third-party” and involving “credential stuffing”, where an unusual number of login attempts targeted the platform, affecting around 100 Expand accounts.
As a result of the increased regulatory scrutiny on cyber and digital practices, early data from Adviser Ratings’ Landscape Report found advisers are increasing investment in material compliance enhancements – including cyber security – by a substantial 31 per cent.
This includes strengthening existing systems, enhancing staff training, developing and testing incident response plans and appropriate cyber insurance coverage.
Research by Numerisk found the average cost of a cyber insurance claim for a financial services organisation is $225,000, with business email compromise accounting for almost half of claims (47 per cent) followed by fund transfer fraud (12 per cent). Small firms typically opt for $1–2 million in limits, rising to $5–10 million for mid-market businesses.
“These financial realities are influencing advice practices’ decisions to redistribute technology spending towards security and compliance rather than new systems.
“With phishing attacks accounting for 79 per cent of the financial services industry’s cyber claims, practices recognise that even basic security measures and staff training can yield significant risk reduction compared to investments in new capabilities.
“Cyber security is no longer just an IT expense – it’s an essential investment in business continuity, client trust, and long-term resilience.”
ASIC has identified cyber security failures by licensees as a major enforcement priority this year and expects licensees to implement and evolve their risk management systems to counter cyber security threats.
In March, it sued FIIG Securities Limited for allegedly failing to have adequate cyber security measures for over four years. This failure led to the theft of approximately 385GB of confidential data, ASIC alleged, with some 18,000 clients notified that their personal information might have been compromised.
One way of ensuring cyber security is up to scratch is by partnering with cyber security specialists who understand both the technical aspects of the task and the unique regulatory aspects affecting financial services firms, while allowing advisers to focus on their day job.
“Many practices find themselves overwhelmed by rapidly evolving threats, technical terminology, conflicting security recommendations, not to mention the cost (and whether it is reasonable or not),” Adviser Ratings said.
“Rather than attempting to navigate this complex landscape alone, forward-thinking practices are increasingly partnering with dedicated cyber security experts. These specialists can provide tailored risk assessments, implement appropriate security measures proportionate to the practice’s size and client base, and offer ongoing monitoring and support.”