Why does cybersecurity remain a struggle for RIAs?

Experts told Citywire cybersecurity risks are only rising, something many RIAs are not adequately prepared to handle.

The preparedness of the RIA space for cybersecurity is woefully inadequate,’ John O’Connell, chief executive of tech consultancy the Oasis Group, told Citywire. 

So despite both frequent warnings around cybersecurity threats from industry insiders and hard data, why does progress on the issue seem so intractable, and what can RIAs do to improve? 

To O’Connell, the issues he sees at firms revolve around several core areas. Among them include a lack of separation between firms’ IT and cybersecurity teams, with IT employees often performing both functions, and a failure to perform annual cybersecurity program reviews or tests.

He added that firms’ “bring your own device” policies, which allows employees to access sensitive information on their personal phones, potentially expose client personally identifiable information (PII) if those devices are stolen or breached.  SOURCE