Update 4: Cyber-security and Final Product

According to PYMTS.com, “The assets managed by robo-investment services have risen significantly over the years to an estimated $50 billion. By some accounts, robo-advisors are expected to oversee $2 trillion in assets by 2020.” As we have concluded from earlier data collection in this research project, most users and clients appear to value trust and relationship with their financial advisor over any other quality or skill. This then leads to us asking the following burning questions when discussing the implications of Virtual CFOs: can we trust them and are they secure?

This post will be primarily focusing on the cybersecurity aspect of these autonomous solutions and then will address some notes about the final product of the project.

As of now, there has been very open scrutiny and skepticism¬†around the implementation of these robo-solutions in the commercial¬†banking space. In fact, even the Securities and Exchanges Commission (SEC) issued a statement in October of last year pretty much denouncing the hasty additions of autonomous advisors, citing the number of data breaches and security concerns in that year alone. According to the SEC’s cyber risk management requirements, “robo-advisers should establish tailored cyber policies and procedures as well as perform ongoing testing to ensure their effectiveness. [SEC] also recommend that robo-advisers conduct due diligence on the cyber security controls of third-party service providers that have access to client information.”

While many autonomous solutions are working on adding military-grade security infrastructures into their platforms, one of the biggest and most difficult to prevent threats in all of cybersecurity is human error. In a 2014 study from IBM’s Cyber Security Intelligence Index, “95 percent of all security incidents involve human error. Some of the most commonly recorded forms of human error caused by such employees are system misconfigurations, poor patch management practices and the use of default names and passwords. There are a number of security controls that organizations/products should explore to guard against such threats.” The best thing that many of these large firms looking to implement a robo-advisor can do to try and mitigate this human error is educate their users on how to manage their own data security and be aware of malicious attacks. This includes educating clients to be vigilant for phishing attacks and providing tips on how to protect themselves from such attacks. Other than that, the SEC is looking to mandate that these firms implement “business continuity” plans and procedures that help that survive and continue operations in the wake of a cyber attack.

While the SEC appears very concerned that firms will take advantage of user data, many developers have very benevolent intentions with their creations. Scott Schneider, president of Zacks Advantage, a Chicago-based robo-investment advisor says that “because the stakes for survival are so high, especially when the margin of error is so small with the public’s hard-earned savings and retirement, robo-advisors are highly sensitive to data breaches and consider investor data and account a top priority and of vital importance.”

So while the implications of a cybersecurity attack appear to be rather detrimental, there are many users and developers who seem to have this at the tops of their mind when using or creating these robotic solutions. In the final post of my Monroe blog, I will plan to present a final description of the implications of such a solution and reach some conclusions about what the future of these advisors looks like.


Speak Your Mind