Why Cybersecurity is Key for Independent Wealth Management Firms

23 March 2023 by National Bank Independant Network
Three National bank experts share their thought about money taboo

Cyberattacks are amongst the most pressing concerns for the financial services industry in 2022. That’s why we wanted to reflect on the importance of good cybersecurity for independent Portfolio Managers and Investment Dealers.

Approximately 66% of small to medium-sized businesses—a category which includes many independent wealth management businesses—have experienced a cyberattack in the past 12 months. The frequency of cyberattacks in 2021 was estimated to be one attack every 11 seconds. Yet only 14% of small businesses are prepared to defend themselves, according to Accenture’s Cost of Cybercrime Study.

The good news is that you’re not alone in the fight against cyberattacks. There are more resources available than ever, especially to independent portfolio managers, to make the job of defending your systems and training your staff in cybersecurity easier for you and your business. These resources include partners like NBIN that will help ensure the assets and sensitive information of clients is safe thanks to robust cybersecurity protections within our own systems.

There’s more to cybersecurity than you think

Cybersecurity is a broad category, but fundamentally it's about keeping information safe. This involves protecting systems, networks, and programs and apps from attack by malicious actors.

While we may traditionally think of cybersecurity as involving antivirus software and firewalls, the truth is that good cybersecurity involves not just technology, but also the employees and processes within an organization.

Beyond technological fixes, a trained, vigilant staff is a key element of effective cybersecurity. Have they received cybersecurity training? Can they spot phishing emails? Do they change passwords frequently? Are the passwords complex enough? These are just a few simple solutions that can yield significant security results.

More than half (51%) of people report using the same password for both work and personal accounts, for example. This password reuse means that if a hacker cracks a password for a single website, they can compromise not only an employee's personal data but potentially the business systems they interact with as well. Couple this with the fact that 78% of Gen-Z users report using the same password for several online accounts, and the widespread vulnerabilities become apparent.

Your cybersecurity software and technology are already at a disadvantage in stopping malware getting into your system if an employee clicks on a malicious link and unwittingly invites it in. Are they trained to know the warning signs if a phishing campaign?

For example, the most common types of attacks on small businesses include phishing (57%)—usually accomplished by malicious links sent from an impersonated email addresses or a trusted account that has been spoofed—as well as compromised or stolen devices (33%), and credential theft (30%).

In 2020, the FBI reported that phishing attacks were at record levels and up 119% from 2019 due to vulnerabilities introduced by widespread work-from-home during the pandemic. These include the increased use of personal devices like tablets and cellphones to access company networks, as well as the use of unsecured home WIFI connections that present vulnerabilities that threat actors can exploit.

Cybersecurity isn’t just about safeguarding assets

As an independent wealth manager, your clients trust you to look after not just their money but their data, as well.

In this industry, advisors deal with a great deal of highly sensitive information, from financial information to personal data. In the same way that you have a responsibility to protect and steward your clients’ assets, you have an obligation to protect their private data as well.

Beyond any legal liability for data breaches of confidential client information, consider the ongoing negative impacts that a cybersecurity incident could have for your business.

If you were the victim of a ransomware attack, for example, not only would you have to pay to have your systems repaired or pay a ransom to have them unlocked (though cybersecurity experts and law enforcement both recommend against paying ransoms), but the fallout of such an incident can also  still be felt weeks and sometimes months later.

Financial losses. Lost productivity. Breakdown of business continuity. And, worst of all, the reputational damage to you and your business. Ask yourself: would you trust your money with someone who couldn’t even keep their own system safe?

As a good place to start assessing your own cybersecurity readiness, check out guides and resources put by the Canadian Investment Regulatory Organization (CIRO). They recently added a Cybersecurity Self-Assessment tool that can help you identify areas of strengths and weakness. You can also download your copy of CIRO’s Cybersecurity Best Practices Guide here.

How NBIN protects your data as your partner

As a custodian for hundreds of independent wealth management firms across Canada, cybersecurity is of the utmost importance to what we do at NBIN.

Being a bank-owned firm providing services to independents, NBIN—and our clients—benefit from the support and cybersecurity infrastructure of the National Bank of Canada.

NBIN’s support includes its dedicated risk and regulatory team, a main function of which is identifying and monitoring operational risks, which includes cybersecurity. This team partners and maintains contact with the National Bank of Canada cybersecurity team. This means that we benefit from additional layers of security well beyond simple regulatory minimums, as well as a level of cybersecurity resources only available to the largest organizations.

Within NBIN directly, we’re proud to say that our commitment to cybersecurity starts from Day 1. We want all our partners to know that they can trust their assets—and those of their clients—to NBIN and that we do everything we can to always ensure their safety and integrity.

For example, each of our employees undergoes extensive cybersecurity training and coaching as part of their onboarding process. This training leaves each team member well-versed in the ‘soft’ skills of cybersecurity that are so crucial against things like phishing attacks, which can compromise the system of even the largest organization.

Moreover, a part of our commitment to you is working to help ensure you are as prepared as possible to look after your own cybersecurity. We are here to help support you in your search for the tools you need and to navigate the risk and regulatory perspective you need to develop the right program for you.


Cyberattacks are one of the most urgent threats to the financial services industry today. For small- to medium-sized businesses in independent wealth management, the need for robust protections against malicious actors is vital to a successful, trusted business.

To learn more about our NBIN’s commitment to cybersecurity and how we can help support you in your search for the cybersecurity tools you need to protect your business and clients, contact us today

Legal disclaimer

©2022 - Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).