
By Dan Petty

As an independent investment advisor, you carry a fiduciary responsibility to your clients, and no shortage of other responsibilities as well. You’re expected to deeply understand each client’s financial picture, run and grow your firm, navigate regulatory compliance, and adopt new technology that helps you serve clients better.
Cybersecurity often gets added to that list, even though most advisors didn’t set out to become security experts. And that’s okay. The goal isn’t to turn advisory firms into IT teams or to introduce unnecessary fear or complexity. It’s to put practical cybersecurity measures in place that protect your clients, your firm, and the trust you’ve worked hard to earn.
In this guide, we’ll share practical steps you can take to strengthen your security, designed to fit into the realities of running your firm.
The cyber threat landscape today
Advisory firms are increasingly targeted by cybercriminals, not because they are unusually weak, but because the financial and personal data they hold, and the money-movement systems they connect to, are valuable and tightly interconnected across the financial services sector.
Most, though not all, attackers are financially motivated. Advances in artificial intelligence and machine learning have also made attacks, particularly phishing and impersonation, cheaper to run at scale and harder to spot.
Why cyber threats can affect more than your software
A cyber incident doesn’t just affect your technology. It affects relationships. Data breaches can lead to reputational damage that’s difficult to undo.
Thoughtful risk management and robust cybersecurity help advisory firms:
- Protect customer data and sensitive financial information, so clients can feel confident that their personal and financial details are handled with care and discretion.
- Reduce downtime and business disruption, allowing your firm to stay accessible and responsive when clients need guidance, especially during volatile or stressful moments.
- Meet security standards and regulatory compliance expectations, reinforcing credibility with clients, partners, and regulators and avoiding distractions that pull focus away from client service.
- Maintain trust during unexpected cyber incidents by responding quickly, communicating clearly, and demonstrating that you’re prepared to handle challenges thoughtfully.
Cybersecurity isn’t about being perfect. It’s about being prepared and resilient.
Common cybersecurity risks advisory firms face
Phishing and social engineering
Phishing remains one of the most common cyber threats for advisory firms. Attackers often use email, text messages, or phone calls that appear legitimate, posing as clients, colleagues, or trusted service providers, to trick someone into sharing credentials or taking an action they normally wouldn’t.
What makes phishing especially effective is that it targets people, not systems. Messages are often timed to feel urgent or familiar, and they may reference real information pulled from past data breaches or public sources.
Ransomware attacks
Ransomware attacks occur when attackers gain access to a firm’s systems and encrypt critical files or applications, effectively locking firms out of the data they need to operate. In many cases, attackers demand payment in exchange for restoring access, creating immediate disruption and uncertainty.
Increasingly, ransomware attacks also involve copying sensitive information before systems are locked (often called double extortion). That means firms may face not only downtime, but also the risk of important financial or customer data being exposed. Tested backups limit the downtime, but they do not undo the theft, which is why preventing the initial access matters as much as being able to restore.
Third-party and supply chain risk
Advisory firms depend on software platforms and service providers to run their businesses. While these tools enable efficiency and scale, a vulnerability or compromise anywhere in that ecosystem can affect your firm, because each vendor holds some of your data or some access to your systems (logins, integrations, API keys).
Top 6 practical cybersecurity strategies for advisory firms
1. Understand where your sensitive data lives
Sensitive data is hard to protect if you’re not sure where it is located. Keeping an up-to-date inventory of where your sensitive data is, including personal information, is critical for any regulated financial institution or investment advisor. Once you know where it is, you can make sure it has the appropriate security controls.
2. Assume some personal data is compromised
For many years, the financial industry in the United States has treated Social Security Numbers (SSNs) as secrets. They are not: various sources estimate that more than 60% of SSNs have been exposed in breaches, and until June 2011, when the Social Security Administration began randomizing assignment, SSNs were issued according to a predictable pattern based on where and when they were issued. Similarly, in California, a mother’s maiden name is part of the public birth index for anyone born between 1905 and 1995.
This means traditional ways of verifying identity, like relying on SSNs or knowledge-based questions alone, may no longer provide meaningful protection. When attackers can piece together this information from multiple sources, those checks become easier to bypass.
Advisory firms can reduce this risk by updating policies and procedures to use stronger verification methods, like multi-factor authentication, identity verification tools, and clear internal processes for handling sensitive requests. Advisors can also use the close relationships they have with clients: a request that does not match how a client normally communicates, or what they normally ask for, deserves a call back on a number you already have on file before anything moves.
3. Use multi-factor authentication everywhere
Multi-factor authentication (MFA), sometimes called two-factor authentication, adds an extra step to signing in beyond just a password. In addition to something you know (like a password), it requires something you have or something you are, such as a code from an app, a physical security key, or a biometric, like a fingerprint.
Why MFA makes such a difference
For advisory firms, MFA is one of the simplest and most effective ways to reduce unauthorized access. Many cyber incidents start with stolen or reused passwords. MFA helps stop those incidents from turning into larger problems by adding a second check before access is granted.
Where to start with MFA
A practical place to begin is with your most critical vendors, such as custodians, email platforms, and other systems your firm relies on every day. Make sure MFA is enabled wherever it’s available, and use the strongest option supported.
In general, the strongest options are phishing-resistant methods: hardware security keys and passkeys (FIDO2/WebAuthn), which are bound to the legitimate website and cannot be replayed by a look-alike login page; a fingerprint or face unlock on a device usually protects one of these keys. Authenticator apps that generate time-based codes come next; their codes can be relayed by a real-time phishing site, but they are not exposed to phone-number takeover. SMS or email codes should be used only when nothing stronger is available, since SMS can be intercepted through a SIM swap and email is often the very account an attacker already controls.
If you’re unsure where to focus first, reviewing your third-party or supply chain vendor list can help because it shows which systems matter most to your day-to-day operations and client data. Starting with those critical vendors allows you to prioritize MFA where it will make the biggest difference.
Extending MFA to clients
Encourage clients to enable MFA on their financial accounts and email, and to set an account PIN with their mobile carrier to make SIM swaps harder. If a provider doesn’t offer MFA, encourage clients to switch to a more secure provider if possible, or to ask the provider to add it.
4. Manage access thoughtfully
Access management helps limit unauthorized access and reduces the impact of compromised credentials. In practice, this means giving people access based on their role, rather than granting broad permissions “just in case.”
Regularly reviewing who has access to which systems and removing unused or outdated accounts helps reduce risk as teams grow, roles change, or vendors are added.
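As an added example of the access review described above (not code from the original page or from Altruist), the script below compares each account’s actual permissions against what its role should have, and flags departed users, accounts that were never used, and accounts with no sign-in in the last 90 days. The roles, permission names, users and dates are constructed for illustration; a real review would export this data from each system or identity provider.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed example policy: what each role is supposed to have, and nothing more.
ROLE_PERMISSIONS = {
    "advisor": {"crm:read", "crm:write", "custodian:view"},
    "operations": {"crm:read", "custodian:view", "custodian:move-money"},
    "intern": {"crm:read"},
}


@dataclass
class Account:
    user: str
    role: str
    permissions: frozenset
    last_login: Optional[date]        # None means the account has never signed in
    active_employee: bool = True


REVIEW_DATE = date(2025, 6, 1)

# Constructed sample export from a firm's systems.
SAMPLE_ACCOUNTS = [
    Account("alice", "advisor", frozenset({"crm:read", "crm:write", "custodian:view"}), date(2025, 5, 29)),
    Account("bob", "operations",
            frozenset({"crm:read", "custodian:view", "custodian:move-money", "admin:all"}), date(2025, 5, 30)),
    Account("carol", "intern", frozenset({"crm:read"}), date(2025, 1, 15), active_employee=False),
    Account("dan", "advisor", frozenset({"crm:read", "custodian:view"}), date(2024, 11, 1)),
    Account("reporting-svc", "vendor", frozenset({"crm:read"}), None),
]


def review_access(accounts, today, stale_days=90):
    """Return one finding per problem: excess permission, unknown role,
    departed user, never-used account, or stale account."""
    findings = []
    for a in accounts:
        if a.role not in ROLE_PERMISSIONS:
            findings.append({"user": a.user, "issue": "unknown-role", "detail": a.role})
        # Anything beyond the role's allowed set is a least-privilege violation.
        excess = sorted(a.permissions - ROLE_PERMISSIONS.get(a.role, set()))
        if excess:
            findings.append({"user": a.user, "issue": "excess-permission", "detail": excess})
        if not a.active_employee:
            findings.append({"user": a.user, "issue": "departed-user",
                             "detail": "disable and remove from all systems"})
        elif a.last_login is None:
            findings.append({"user": a.user, "issue": "never-used",
                             "detail": "remove if still unused after provisioning review"})
        elif (today - a.last_login).days > stale_days:
            findings.append({"user": a.user, "issue": "stale-account",
                             "detail": f"last login {(today - a.last_login).days} days ago"})
    return findings


if __name__ == "__main__":
    for f in review_access(SAMPLE_ACCOUNTS, REVIEW_DATE):
        print(f"{f['user']:<14} {f['issue']:<18} {f['detail']}")
```

Run quarterly, the output is a short to-do list: remove bob’s `admin:all`, disable carol’s account, confirm whether dan still needs access, and decide whether the vendor service account should exist at all and, if so, which role it maps to.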
5. Secure and encrypt devices
Advisors should protect their laptops with reputable antivirus or anti-malware software, which helps identify and block malicious programs before they can cause harm, and keep it, the operating system, and the browser up to date so known vulnerabilities get patched.
Laptops should also be encrypted, which means the data stored on the device is protected if it’s ever lost or stolen.
Built-in tools like Apple FileVault or Microsoft BitLocker make this easy to enable and help ensure that sensitive client and financial information can’t be accessed without proper credentials.
Finally, it’s important to store any recovery keys or backup codes in a secure place that is not the device itself, such as a password manager. Keeping these codes safe ensures you can regain access to your device if needed without putting sensitive information at risk.
6. Have an incident response plan
An incident response plan helps firms respond calmly and effectively in the event of a cyber incident. Knowing who to contact, how to communicate, and what steps to take can significantly reduce downtime and disruption.
How new AI-driven threats are showing up
Cybersecurity threats continue to evolve, particularly with advances in artificial intelligence. Tools like voice cloning and deepfakes make it easier for attackers to convincingly imitate real people, such as a client, colleague, or service provider.
These tactics are often designed to create urgency and bypass normal safeguards. For example, an advisor or team member might receive a voicemail that sounds like a client requesting an urgent transaction, or a message that appears to come from a trusted contact but doesn’t quite follow normal patterns.
Staying grounded as risks evolve
While these newer tactics can sound intimidating, they don’t require advisors to overhaul everything. They simply reinforce the importance of building habits and safeguards that help teams pause, verify, and respond thoughtfully, without disrupting the relationships you’ve worked so hard to build.
FAQs:
What is financial cybersecurity?
In the financial services industry, cybersecurity is about protecting the systems and information that advisors and their clients rely on every day. That includes safeguarding customer data, securing financial transactions, and ensuring that firms can continue operating smoothly, even when something unexpected happens. Strong cybersecurity helps advisory firms meet regulatory requirements while maintaining the trust at the center of client relationships.
How do banks prevent cyberattacks?
Banks and other financial institutions use multiple security approaches that include access controls, multi-factor authentication, network security monitoring, encryption, real-time threat detection, and incident response planning.
What security framework should financial advisors use?
Many advisory firms align their cybersecurity programs with recognized standards such as the NIST Cybersecurity Framework, ISO 27001, or the AICPA SOC 2 Trust Services Criteria (SOC 2 itself is an audit report against those criteria). These frameworks help financial services organizations manage cyber risk consistently across people, processes, and technology, and they provide a shared language for regulators, vendors, and internal teams. There is no single “correct” framework; firms should focus on the basic security practices above first and then adopt the framework that fits their business.
What is the cybersecurity risk from quantum computing?
Quantum computing has the potential, over time, to change how certain types of encryption work. A sufficiently large quantum computer could break the public-key algorithms in common use today (RSA and elliptic-curve cryptography, which protect website connections and digital signatures); symmetric encryption such as AES is affected far less.
That said, practical, large-scale quantum attacks do not exist today, and advisory firms do not need to build quantum defenses themselves. For now, the most important steps remain focusing on strong cybersecurity fundamentals, like access controls, encryption, regular updates, and vendor oversight.
What’s more, financial services and technology providers are already preparing for this shift: NIST published its first post-quantum encryption standards in 2024, and vendors are beginning to adopt them. One nuance worth knowing is that data encrypted today could be recorded and decrypted later if such a computer arrives, which is why standards bodies are moving early. Staying aligned with trusted vendors and established security standards helps ensure firms are protected as the technology evolves.