Jason Brown (left), Indi Siriniwasa and Nathan Jacobsen. Photo: Jack Smith.

Sharing passwords and using too much software are among the mistakes practices are still making that can exacerbate cyber risk, the Professional Planner Licensee Summit has heard.

Alchemy Cyberdefence chief executive Indi Siriniwasa said most firms have around 30 to 50 per cent too much software.

“There’s a lot of software hanging around, that’s a lot of waste, especially in the SaaS [Software as a Service] space. Declutter the products, use what you need,” he said.

“Phishing attacks happen all the time and will only get worse with AI. Sharing passwords happens all the time.”

Vital Business Partners chief executive officer Nathan Jacobsen said licensees, including Diverger where he was formerly CEO before it was acquired by Count last year, had been “running frantically” to try and keep up with cyber-related challenges and overcome historically slow change management processes in the industry.

“When you’re dealing with hundreds of small businesses with limited staff… and then you’re responsible as the licensee, that change management process is really difficult and really slow,” Jacobsen said.

“There are still providers in the market who were not insisting on two factor authentication 18 months ago, there are still people in the industry who were trying to email client documents [rather than use client portal].”

The day after last year’s summit, BT announced it would remain with Westpac rather than being sold. BT head of distribution Jason Brown told the 2024 summit that cybersecurity has been one of the benefits of being retained in Westpac’s ownership.

“There’s lots of other benefits we’re talking to dealer groups and advisers about, but in the simplest terms what we have is an extra layer of cybersecurity,” Brown said.

“To get to the clients of Panorama, you’ve got to get past BTs platform-grade security which every platform would have. And to get to that, you have to get past Westpac’s bank-grade security. Since the early 2000s Westpac has been spending a lot of money and putting people into cybersecurity.”

But while Westpac’s expenditure has led to strong cyber protection, Jacobsen noted this isn’t always at the forefront of mind for independent businesses.

“Cyber is the grudge purchase, right until it blows up in your face,” Jacobsen said.

“Practices are busy, they’ve got good growth – they’re focused on other things. When it’s not a problem they don’t want to spend time on it. That was our biggest challenge, without having to dictate, was getting people moving and that’s a constant challenge.”

Jacobsen noted advice from cyber experts that recommends minimizing your available attack front by reducing available endpoints in the business.

“But licensee business – how many endpoints do you think we have? Thousands,” Jacobsen said. “Everyone one of those practices and their staff members.”

The amazing race

BT is celebrating the 10th anniversary of its Panorama platform and Brown noted that much has changed in that time.

“There’s been a price race that’s run and ongoing, there’s a features and benefits race that is run and ongoing, and never will stop,” Brown said.

But he added there are two new emerging races: AI/technology, and service. Brown said these races will need to run in parallel because the best technology will empower human service.

“The good technology will do 99 per cent of things and no one will even notice but the 1 per cent, we really believe those things will matter,” Brown said, noting the platform’s philosophy is delivering tech with a human touch.

“They matter to the adviser, they matter to the end client and they usually require a human being, someone to pick up the phone. At the moment we’ve worked on the technology freeing up our call center staff…for complex stuff.”

Back to the future

When it comes to what licensees overlook in the cyber sphere, Siriniwasa splits this into the pre-AI and AI eras.

“Overall, everyone is doing a good job, especially the larger [licensees],” he said.

“It’s a hard thing to do, criminals are always one or two steps ahead of us. What you could do best is protect according to a certain framework, whether it’s ISO or other frameworks.”

However, he said AI has affected the application of those frameworks.

“New frameworks are coming in and it’s best to look at those with the large licensees and corporations [that] have that covered, the challenge is going to be with the smaller licensees,” he said.

In his role leading Diverger, Jacobsen said the licensee had been testing multiple applications of AI to stay ahead of the curve, but that technology is moving so fast that it goes out of date quickly.

“We were using Salesforce [for AI], had been for years, so we were starting to trial Q&A bots,” Jacobsen said.

“We partnered with FinTalkr and helped to build out that solution and we’re rolling it out to our network to automate licensee compliant file notes. That has had a huge benefit to our practices.”

Diverger also partnered with Hub24, which owned a stake in the licensee, as a foundation partner on HUBConnect for the automation of compliance.

Jacobsen said it was important to be an early adopter of technology, rather than trying to play catch up.

“Everyone is of course worried about the regulator liability, but they are equally worried about where to start and how to get on the bus,” Jacobsen said.

Join the discussion