London-based Wealth Management Company – NormCyber Case Study 

A London-based independent Wealth Management company has roots that date back to the 18th century, the days of the Hanseatic League.

The Wealth Management company’s unique approach – combining the highest standards of personal service with the collective expertise rivalling that of larger competitors – has propelled it to recent expansion, opening offices in Leeds, Edinburgh, and Bristol. Today, it manages up to £5.5bn worth of assets across a range of high net-worth portfolios.

Operating in a tightly-regulated industry where businesses live and die by their reputation, the Wealth Management company has a heightened responsibility to safeguard its clients’ data from cyber criminals seeking quick financial reward.

In brief

  • The Wealth Management firm sought to bolster its data protection policies and processes to navigate tightening information security regulations more confidently and effectively
  • Following the successful deployment of norm.’s Data Protection service, the Wealth Management company expanded the relationship to areas of staff training and a dedicated Security Operations service
  • With norm.’s experts providing continuous cyber resilience assessments, improvement, and consultancy support, the Wealth Management company has complete visibility and total control over its cyber security and data protection posture.

The challenge

Entrusted with handling large amounts of sensitive financial information, the Wealth Management company understands the substantial risk of data breaches and the value of effective cyber defences.

The fall-out from phishing attacks alone in the sector can be monumental. Any externally facing platform can be at risk of account takeover attacks, and once a cybercriminal gains access to a network, they can move around collecting and potentially exfiltrating data.

Besides the risk of people lurking in the shadows, there is also the immediate financial risk of ransomware. “In the worst-case scenario, if systems are shut down while there are financial transactions in flight, it could end up costing clients millions of pounds. That’s a risk we will simply never take,” explains the Head of IT.

Recognising the need for specialist knowledge to navigate the minefield of cyber risk, the Wealth Management company sought the help of an external Data Protection Officer, who would help the company demonstrate its commitment to upholding its legal obligations under the GDPR and other, fast-evolving data privacy regulations. This search led the Wealth Management Company to norm.

The solution

In 2020, the Wealth Management company enlisted norm.’s data protection service, gaining access to a lawyer-led team of experts who quickly became part of the Wealth Management company’s strategic conversations on data security. With norm.’s service and ethos winning senior decision-makers’ approval, the Wealth Management company decided to expand the relationship.

Firstly, recognising that 80 percent of cyber-attacks involve the ‘human factor’, the Wealth Management company selected norm. to deliver staff cyber awareness training. This bite-sized yet comprehensive programme is designed to continuously train and test staff’s ability to spot suspicious activity and report it in the appropriate manner.

“Trust is one of the most important commodities in our industry, so when we decided to step up our staff cyber security education efforts, norm. was our first port of call. norm. is where we go when we want our questions answered, and this familiarity and credibility made our decision to expand the relationship easy,” says the IT Manager.

Secondly, in an effort to enhance its threat detection and response capabilities, the Wealth Management Company selected norm.’s Managed Threat Detection and Response service. This proactive 24/7 service is underpinned by norm.’s UK-based, CREST-accredited Security Operations Centre (SOC). With eyes-on-screen round-the-clock, the Wealth Management company benefits from instantaneous and effective response, such as automatically shutting down networks, isolating endpoints, or closing down suspicious accounts.

“With the proliferation of zero-day malware posing a major risk factor to financial organisations, we wanted total reassurance that nothing gets missed and that our day-to-day operations are backed with state-of-the-art technology,” explains the IT Manager. “To self-build something like that which norm. provides us would only be possible if our company was 10 times its size and hired internal staff to manage it all. Even then, it would be difficult to replicate the quality of the service.”

When integrating new solutions, a key consideration was that the Wealth Management company’s IT ecosystem encompasses multiple technologies and service providers. “It was crucial that any new solution would fit into our existing infrastructure effortlessly and complement the capabilities. norm. did exactly that,” says the IT Manager.

The benefits

By leveraging norm.’s managed services to continuously educate people, shore up data protection processes and fortify its technology, the Wealth Management company has covered all three core areas that make up an effective cyber security strategy.

This comprehensive programme has helped the company develop both proactive and reactive cyber security and data protection controls, demonstrating its commitment to the highest information security standards to external stakeholders.

“Without norm. we could not have achieved the agility we have today to get ahead of ever-more serious cyber threats. We can react to shifts in the cyber threat landscape in seconds, rather than hours or days, and that is business-critical,” says the IT Manager. “Another area of marked improvement is our visibility into our cyber postures. We now have a granular understanding of the strength of our defensive capabilities, and we can easily pinpoint areas for further improvement.”

A key success criterion for norm.’s consultancy services was to provide actionable guidance for the Wealth Management company’s digital cyber security committee. norm. has delivered on this and now supports the Wealth Management company’s quest for continuous learning in more than one way.

“Our IT staff use norm.’s smartbloc. LIVE online reporting portal daily, while our C-suite has a more personal relationship with norm.’s top experts and meet regularly to discuss key cyber security and data protection challenges,” says the IT Manager. “norm. is now a staple in our monthly and quarterly committee meetings and our senior management finds the plain-speaking and thoughtful communication style of the team invaluable. It helps our decision-makers make judgements and take action, rather than be confronted with an impenetrable set of risks that they can’t evaluate.”

In summary, the IT Manager says, “The story of our partnership is one of continuous improvement. norm. has made a sizeable contribution to our organisation, leading not only to a greater understanding of cyber risks across all levels of the organisation, but also, crucially, a feeling of reassurance among the C-suite that we are doing right by our clients in safeguarding their data, with the right experts by our side. We look forward to seeing this partnership evolve in the future.”