A Basic Guide to Cyber Security for Financial and Wealth Management Firms

If there is one industry that we would expect to lead the way in cybersecurity, it’s the financial services sector. Considering the nature of the data they process and the amount of personal and business information they hold, they should be bastions of cyber-strength.

So, it may come as a surprise to know that 70% of UK-based organisations in the sector were breached in 2020, according to the 2021 Keeper Security cybersecurity census report. In addition, only 42% believe they are well-prepared in the event of a future attack.

With the issue of cybersecurity becoming such a serious one, the Bank of England has created a set of rules for operational resilience. Regulated organisations are required to identify how they may be affected by a security breach, and how long it would take them to resume normal service, with plans to be finalised by March 2022.

What are the threats to the financial services sector?

To protect your financial or wealth management business and create your operational plan, clearly, you need to start by understanding the most likely forms of cyberattack. So, what are the threats your business could face?


Most people are aware of phishing attacks, where criminals trick you into clicking on a malicious link or convince you to share sensitive information such as login credentials. This type of social engineering attack usually begins with an email, often from a trusted sender, that asks us to urgently follow a link to a trusted website.

Although we’re regularly warned to monitor our personal emails for these false links, it’s important for staff to look out for them at work as well. Criminals may well target financial and e-commerce businesses to plant malware on their systems, gain access to their databases or disrupt their webshop.

DDos attacks

DDos (distributed denial-of-service) attacks are a way of disrupting the normal working of a server by flooding it with internet traffic. Criminals will use a network of computers to send requests to the victim until their own systems are overwhelmed.

In effect, this creates a traffic jam of activity to the victim’s systems that prevent any genuine requests from getting through. The attacker is typically someone with a grudge against the organisation itself, or it’s a way of creating a distraction that enables a criminal to break into the systems during the disruption.

Insider threats

As any financial business is aware, it’s essential that all staff are fully trained on security procedures and their responsibilities in the handling of data under GDPR (General Data Protection Regulation). It’s only common sense that this must include general cyber security training.

According to the 2021 Verizon Data Breach Investigation Report, 44% of data breaches in the financial and insurance sectors were caused internally.

That is not to say that your staff are all potential criminals. The threat includes accidental breaches from employees or partners who inadvertently put the organisation at risk.

However, it does also include deliberate compromises by malicious insiders intent on stealing information for their own gain or to cause damage to the business.


Ransomware is one of the biggest cyber security threats an organisation faces. In simple terms, ransomware plants malicious software that encrypts a computer system. The targeted business cannot access it until they have paid a financial ransom to the attacker.

Any business faced with a ransomware attack may be effectively closed down until the situation is resolved. They are also in the difficult position of having to trust that, if they pay the ransom, their systems will be unlocked and that the criminal will delete any copies of compromised data and not leak it publicly.

Because there is no guarantee that criminals will not keep the data and demand further payment, organisations are advised not to pay ransom demands. This will cause a more prolonged disruption of your services. But, with an effective incident response plan in place, you’ll be able to limit the damage and provide an effective response.


How to protect your financial organisation

As with any process, effective security processes rely on you determining your weaknesses and implementing strategies to reduce the risks. There are plenty of proven methods you can employ. For example, regular comprehensive staff training will ensure that employees know how to identify and respond to scam phishing attacks. You could also use two-factor authentication to ensure that only approved users can log in to your systems.

However, no single security option will provide 100% protection, so you’ll need a layered approach. This needs to be set to the appropriate level to be effective protection, without interrupting your normal daily processing.


Good security management includes: 

  • Appropriate security software on your devices built to protect against the latest threats
  • A business grade firewall that’s effectively-maintained and monitored
  • Enterprise-level email security
  • Real time monitoring of your network and your Microsoft 365 system
  • Making sure all devices are being kept up to date with the latest updates
  • A resilient backup strategy
  • Password management
  • User awareness training

The FCA (Financial Conduct Authority) also stress the need to ‘put good governance in place’ and to work towards existing standards including the NIST Cybersecurity Framework, NCSC’s 10 Steps to Cyber Security, and Cyber Essentials.

Effective disaster recovery plans

Despite all the training and security processes you implement, there’s always a risk that your systems might be compromised. Therefore, as with every business process, it’s important to have an effective disaster recovery plan.

We recommend that you have five areas in your plan:

  • Identify: Know what parts of your infrastructure are critical to keep your business running
  • Protect: Limit any threat against the most vital parts
  • Detect: Employ constant monitoring to detect any threat immediately
  • Respond: Who you need to report a potential breach to, and what actions they will take
  • Recover: The steps to restore your business and its data to normal functionality

Identifying your business weaknesses and implementing your recovery plan is key. If you haven’t already done so, these should be a priority. Once in place, your plan is not a one-time thing. It needs to be reviewed regularly and kept up to date.

If your cybersecurity is causing you concern, then give us a call. We’ll consult with you on your current situation, where you need to be, and the right options for your business.