The Top 5 Cybersecurity Questions You Should Ask Your Financial Advisor

June 24, 2019 1:22 pm

Richard J. Anzelone, J.D.

Partner & CCO

Cybersecurity in the News
Many of us have become aware of serious data breaches over the last several years involving big companies such as Target, Yahoo, Marriott and Equifax. These data breaches affected hundreds of millions of people around the world and brought to light the importance of cybersecurity, a topic that otherwise doesn’t garner much attention. While the larger data breaches make national headlines, I’d be willing to bet there are others that haven’t yet been discovered or just aren’t big enough to make the news. The problem is that if you are the one whose personal information is stolen, the size of the data breach is irrelevant; one is one too many. As I always say to people when they say the chances of this happening to them are slim: “stats don’t matter when it is your information that’s compromised.”

Cybersecurity Requirements for Registered Investment Advisers (“RIAs”)
During this same time period, some RIAs registered with the Securities and Exchange Commission (“SEC”) have been involved in enforcement actions for cybersecurity breaches or for not having policies and procedures in place that are strong enough to prevent a data breach. For those of you who may not know, the SEC requires RIAs to have in place cybersecurity policies and procedures to prevent a data breach. What makes it difficult for RIAs is that there are no specific rules in black and white that are set forth by the SEC since things change so quickly and it is difficult to keep up. However, the SEC does offer RIAs plenty of guidance through publishing risk alerts along with other resources that spell out requirements the SEC expects RIAs to follow. Therefore, it is up to the RIA to build out a robust cybersecurity program.

Basic questions many ask a financial advisor
For some, going to see a financial advisor is one of their most important financial decisions, and one you should spend time researching before and after meeting with them. You can read a lot of articles giving advice about what to ask a financial advisor before deciding to work with them. Questions such as: How do you get paid? How will you invest my money? Where is my money held? What will I be charged for a fee? Are you a fiduciary? These are all good questions that everyone should ask, but there are a few more questions that I believe are equally important to ask.

Cybersecurity-related questions you should also ask a financial advisor
Think about this when you work with an advisor: they have access to so much of your personal information, such as your social security number, license number, estate documents, bank accounts and access to most of your investment accounts. I very rarely (if at all) get questions related to how your personal information is going to be protected. I know many financial advisors provide privacy policies, but these typically do not address cybersecurity.

One of the reasons I think that people might not ask these questions is that either they assume that, because the firm is a Registered Investment Advisor, it must have everything protected and its systems updated, or they simply don’t know what to ask. Well, I am here to help you out with five simple questions you should ask.

  1. Do you have a cybersecurity program in place that includes training your employees?
  2. Have you ever had a data breach? If so, how did it occur? How was it resolved?
  3. Does your firm conduct vulnerability testing?
  4. Do you have a penetration test conducted periodically by a third-party vendor?
  5. Do you have cybersecurity insurance?

There are certainly other questions you may want to ask, but these are some basic ones that are important, and hopefully you receive the answers you want to hear. I know they are not exciting questions, and, in some cases, you may not even know what a vulnerability test is, but if your advisor can answer these questions with confidence, then that should put your mind at ease. RIAs must be diligent in building out a robust cybersecurity program; just make sure the one you work with is.


Richard Anzelone, J.D. serves as Partner and CCO at StrategicPoint Investment Advisors in Providence and East Greenwich. You can e-mail him at

The information contained in this post is not intended as investment, tax or legal advice. StrategicPoint Investment Advisors assumes no responsibility for any action or inaction resulting from the contents herein. Rick’s opinions and comments expressed on this site are his own and may not accurately reflect those of the firm. Third party content does not reflect the view of the firm and is not reviewed for completeness or accuracy. It is provided for ease of reference. Certain statements contained herein may be statements of future expectations and other forward-looking statements that are based on SPIA’s current views and assumptions and involve known and unknown risks and uncertainties that could cause actual results, performance or events to differ materially from those expressed or implied in such statements. In addition to statements which are forward-looking by reason of context, the words “may, will, should, expects, plans, intends, anticipates, believes, estimates, predicts, potential, or continue” and similar expressions identify forward-looking statements. Forward-looking statements necessarily involve risks and uncertainties, and undue reliance should not be placed on them. There can be no assurance that forward-looking statements will prove to be accurate, and actual results and future events could differ materially from those anticipated in such statements. SPIA assumes no obligation to update any forward-looking information contained herein.