Financial advisors and firms, as a whole, remain woefully unprepared when it comes to cybersecurity. The link above goes back to a 2020 story noting the same.
And it is not for lack of experts and conference hosts making the case that things need to improve. Joel Bruckenstein, the founder of the T3 conference and newsletter, has beaten the drum on cyber every year of his conference, as has Brian Edelman, the CEO and founder of managed security service FCI (who helped create and revamp an FPA cybersecurity training program). Mark P. Hurley, the CEO of Digital Privacy & Protection, has made the conference rounds, too.
Now, the IT and cybersecurity managed services provider, Alles Technology, which was founded in 2021, this week announced the launch of its Risk Insights Assessment, an RIA-specific cybersecurity assessment service, which can be run either as a one-time engagement or as part of an ongoing managed IT and cybersecurity services.
The technology benchmarks advisory firms against established industry standards, including access controls, data protection, governance, incident response, training, vendor oversight and vulnerability management.
“What we’re finding is alarming,” Alles Technology CEO Max Alles said in a prepared statement.
“Ninety-five percent of firms fail the internal penetration test component of the assessment on the first attempt as many RIAs are relying on outdated safeguards or generic IT providers,” he wrote.
In a follow-up email, Alles added that his firm has assessed 80 firms thus far, and only three passed the overall testing.
Risk Insights Assessment provides firm leaders with a data-driven picture of their vulnerabilities and a roadmap for remediating shortcomings.
More specifically, the assessment combines Alles’s Cybersecurity Assessment Checklist with a battery of tests that include a security analysis of various Microsoft products and services, including 365, as well as configuration reviews of a firm’s Entra, Intune, Exchange, Azure, Compliance Center, and Defender if it uses them.
Other testing that is part of the assessment includes Dark Web scanning and credential exposure checks, internal penetration testing, evaluation of firewall effectiveness, and scans of external ports. The assessment and review also examines a firm’s endpoint detection and response capabilities and includes analysis of a firm’s password manager, if any, and that security patches across its network and devices are up to date.
As part of the assessment, Alles also analyzes a firm’s cybersecurity policy, which follows the SWOT framework. This includes establishing an overall security plan, noting inherent as well as specific weaknesses, opportunities and threats, all of which are prioritized.
RIA firms have such diverse tech stacks and connectivity that pricing for Alles services is based on case-by-case consultations, but a one-time Risk Insights Assessment costs $7,500, according to Alles.
There is no shortage of threats, from phishing to malware to voice-based deepfakes and thousands of other vulnerabilities. It is clear that advisors need to be better prepared.
Morningstar Bolsters Index Biz with CRSP Buy
Morningstar agreed to buy the Center for Research in Security Prices, a provider of historical stock market data and indexes, from the University of Chicago, for $375 million.
Morningstar said the deal would “catapult” the firm into one of the largest index providers for public U.S. equity index funds.
As part of the deal, Morningstar will acquire the CRSP Market Indexes, which are the benchmarks for more than $3 trillion in U.S. equities. It pointed out that Vanguard offers several funds tracking CRSP indexes, including mutual funds and ETFs, such as Vanguard Total Stock Market Index Fund (VTSAX and VTI), and Vanguard Mid-Cap Index Fund (VIMAX and VO).
“We know that assets tied to indexes play a critical role for asset owners when choosing providers, and this acquisition allows us to expand our capabilities to these clients,” Morningstar CEO Kunal Kapoor said in a statement. “With CRSP’s expertise and our shared focus on delivering exceptional value, we’re excited to create even more opportunities for investors and help them achieve their long-term goals.”
CRSP was founded in 1960, and its data has been used by investors, academics and regulatory authorities. It generates approximately $55 million in annual revenue. The transaction is expected to close in the fourth quarter of 2025.
AI Email Assistant Launches as Paid Add-on to Advisor CRM
Advisor CRM, the generally free customer relationship management application that launched last November for RIAs, this week launched a fully integrated AI Email Assistant. The catch is that using the latter will cost $59 per month for up to five users.
This new suite of tools is meant to automate follow-up tasks and generate personalized replies to clients, much like many third-party notetakers on the market, like Jump, Zeplyn and Zocks, among others, will do.
“This is built in-house; [the] LLM is agnostic, we currently use a combination of OpenAI and Anthropic models,” wrote Leibel Sternbach, partner and CTO of AdvisorCRM, in an email.
“The models aren’t the real workhorse in this engine, it’s how we extract and build the model for how to replicate the advisor’s voice and values that is the real trick,” he added.
The new AI Email Assistant automatically scans advisors’ incoming emails and categorizes them into actionable groups, including client requests, documents required, meeting follow-up and other categories. It also prioritizes tasks originating from emails for advisors, identifying those needing immediate attention. According to the company, other key features include the ability of the assistant to generate personalized emails in an advisor’s own voice, as well as what the company calls smart attachment processing.
It can also convert requests included in emails directly into tasks. For example, if a client sends an email about rolling over a 401(k), the AI Email Assistant will automatically generate a task to prepare the rollover paperwork.
“Combined with our SMS and myRepChat [which was acquired by FMG in 2023] capabilities, advisors now have a single platform to manage client communications end-to-end,” wrote Sternbach, in a prepared statement.
#Cybersecurity #Gaps #Wealth #Management