There’s been one story that’s been repeated time and again this year – and for once, it’s got very little to do with the US President. This is the story that may well define 2025. It’s technology related, but it’s not Artificial Intelligence.
Big companies like Marks & Spencer, the Co-op and Harrods have been affected, and. no doubt, other companies, large and small, as well as individuals, will also be part of the story.
Cyber threats have been growing and we’re reading, more often, of how criminals have managed to hack into various networks. The most popular approach is to extort money by denying service – preventing a company’s systems and websites from working, until a ransom is paid.
Big companies use a lot of resources and spend a lot of money fighting off cyber attacks, but the problem is that the hackers only need to succeed once, whilst the companies need to successfully fight off the threat all the time. The cybersecurity experts need to stay one step ahead in a war of attrition.
It seems inevitable that, at some point, there will be a successful attack on a major financial institution or a critical part of our network infrastructure. Our reliance on the internet and computer systems is such that this could present a significant emergency. If there was a successful attack on a bank, for example, account holders might not be able to access their money. It’s worth remembering that an attack isn’t the only thing that can result in a denial of service – TSB customers haven’t forgotten the problems they experienced!
Given that this is an identifiable threat, it is sensible to take precautions and prepare. One approach that makes sense is to actually hold some physical cash (i.e. bank notes) – enough to enable you to enable you to get by for a few weeks, but not too much (as you don’t get any return on physical cash, and there is a risk of holding too much).
It can also make sense to have money with more than one financial institution, so that if one suffers a denial of service attack, you can still access funds from another. For couples, it can make sense for one person to use one bank, and the other to use a different bank. It is essential to be able to access funds directly from the bank (some accounts and National Savings only allow you to access your money through your own current account, and if the current account is frozen, that won’t help!).
When we recommend platforms, pension and investment companies to our clients, as part of our due diligence, we ask these companies to provide details of how they protect our clients against cyberthreats. I’ve been told by several of the representatives from these companies that this is an unusual question, which surprises me – I imagined that all financial advisers would be asking about this! I become worried if a company cannot provide a straightforward and credible answer – you can be sure that we would not recommend a company that cannot provide us with a decent answer to questions about cybersecurity.
It remains important to ensure that you take the usual precautions, updating passwords regularly, protecting your data etc., and generally being vigilant – you cannot really trust anyone on the web. We take cybersecurity seriously at Sussex Retirement Planning and, as well as doing what we can to minimise risks, we have also insured the company against the impact, for our clients as well as ourselves, of cyber threats. It’s also important to us to be able to work with our clients in a variety of different ways – whilst we were able to quickly adopt video-technology during COVID, it may be just as important to ensure that we can work with you on the phone and face to face in the future, if cyberthreats make electronic communication impractical. It surprises me that some of our competitors have adopted electronic communication to the extent that they could not operate without it.
For every problem, there is an opportunity. Cybersecurity has become a mainstream service, required by almost every business and individual. It’s a business with high barriers to entry and good profits. Whilst returns from cybersecurity company shares have been attractive, this is still a high risk sector – in the last twelve months, there was a period when shares in cybersecurity companies lost 27% of their value (between 13th February and 4th April 2025). Whilst it may seem attractive to invest in this sector, you should only do so, if you know you will be comfortable with this degree of risk.
2025 could easily be remembered as the year when the threat of a cyber attack became a reality. We hope that it won’t be, but we have taken action to minimise the risk to our clients and have taken steps to address the threat. If you would like to discuss how to minimise the threat to you, please contact us.
Philip Wise | philip@sussexretirement.co.uk
Managing Director and Chartered Financial Planner
This blog is for information purposes and does not constitute financial advice, which should be based on your individual circumstances.
