There’s no shortage of media coverage on cybersecurity. The news of the Equifax breach is yet another example of how big this problem is and how exposed we all are. But is cybersecurity even a useful term for wealth planning?
In short, not anymore. Wealth advisors must begin to address the elephant in the room. Clients deserve to know that complete cybersecurity isn’t possible. What’s more, they deserve to know what kind of solutions are possible. To do that, we need to educate clients on how the technology industry is really structured—and why. Notice I didn’t mention cybercriminals. What I am bringing to light is how the technology industry infuses, without regulatory oversight, maximum addiction into their products. They then limit, as much as possible, any risk to them through contracts that unfortunately are never read. It’s this conflict—addiction and unawareness—that leaves our clients exposed to a whole different set of risks beyond cybertheft.
As a result, digital technology threatens wealth and wealth planning in ways that aren’t widely discussed. How these threats take shape mean we need to change the conversation away from cybersecurity into perpetual digital-risk management. Is this kind of education as valuable to clients as protecting them from cybertheft? The answer is a resounding yes because it touches on what’s most intrinsically theirs.
There are core reasons to engage in this direction. Most notably, clients desire more technology and are becoming ever more dependent on it. As this dependency grows, new categories of risk to the family and its wealth will continue to emerge. The friction between perceived value and actual risks is a vital gap in modern planning. More top-10 lists and “breaking news” only distance us from where we really need to be for our clients.
Digital-risk management is a more accurate way to frame the right definition and direction of the problem, its causes, and accurate solutions that can be shaped within the culture of the client.
Digital Risk: The Common Battleground
Digital risk means the threat of loss or harm due to the use of technology. There are three key precepts that make digital risk a reality for our clients: (1) a wide body of sensitive data about our clients lives forever on the internet; (2) that data is being mined and used by a wide army of silent actors without the client's knowledge; and (3) new and more invasive technology will make this a part of their lives forever. As a result, the client will experience loss, harm or both due to their use (not necessarily fault) of technology.
And how do we understand technology for purposes of our affluent clients? Remember, we are striving for an actionable, durable definition. At its root, then, technology is a body of contract law and personal perceptions.
Every digital-technology product or service has a detailed, legally binding contract that limits the client’s rights wherever possible. Inside each mobile app, smart device, wireless router, etc., are terms-of-service agreements, statements of work, licensing agreements, and privacy policies that effectively bind the client to a unilateral contract. Often, these are never read. Over time, this results in a minefield of legal blind spots.
How a client and his or her family perceive what technology is will dictate whether their digital-risk exposure is large or small. Increasingly, terms like “gamer” or “social ambassador” define how a family member views themselves, their friends, and their own personal worth. Someone’s “timeline” may constitute their version of a family legacy. Another person’s iTunes account may represent their only “library.” Because of this, a client and his or her family probably are deeply connected (pardon the pun) to adopting whatever the latest and greatest technology is. As we’ve discussed, this is really the open door to digital risk for the family, and the greatest conundrum we will have to solve. I want to address this point clearly—our clients perceive what is a digital risk to be an inalienable “right” to a digital “asset” they “own.” Unless specifically drafted otherwise, this is a completely false assumption.
Mind the Gap
Let’s assume we saw someone walking down the street with a gas can in one hand and an open flame in the other. Five minutes later, that person explodes into flames. What happens if the family of that person comes after us for simply doing nothing?
In much the same way, the current regulatory scheme demands that licensed wealth advisors protect themselves from liability for client information security laws. That is the true intent behind this compliance movement. Yet nothing requires us to stop a client from continuing to walk down the street with the gas can and the open flame. Sooner or later, this yawning gap will be addressed by some formal regulatory standard of care owed to the client.
Think of the estate planner who handles digital assets for a family. That estate planner is (or should be) well versed in what a minimum standard of awareness to the “benefits and risks” associated with technology is, particularly as he or she plans for all the family’s digital accounts. If that family experiences a breach after the planning is concluded, it isn’t a big jump to argue gross negligence or willful blindness if those risks went unaddressed.
Privacy Law: A Way Forward?
The regulatory and activist community has long wrestled with how to make the technology industry clearly and conspicuously advise users of the plain-English obligations of contracts they enter into when interacting online. One meaningful result was the creation of the chief privacy officer (CPO). Lawyers have traditionally filled this role, and its original task was compliance within the organization.
The modern CPO, however, looks very different. Many businesses have learned from incidents like the Target breach that people really do value companies that value and protect their personal information. Doesn’t it make sense that someone with a licensed, fiduciary responsibility, possessing the right skill sets, do the same in the way that really matters for the affluent client? And aren’t we approaching a tipping point in the modern wealth advisory team where, without that, the entire team is at risk of losing the client or worse?
Future-Proofing Our Clients
In the spirit of actionable suggestions, creating a new set of industrywide training that agrees on some fundamental principles around fundamental subjects is vital. Creating more acceptance of the concept of digital-risk management helps our clients where they need it most.
We know with certainty that client perceptions will continue to see value where we see real risk. We also know the clients have a wide landscape of unresolved contractual blind spots that may present themselves in the worst possible moment. Finally, we know the use and addictiveness of technology is only going to get more intense across more of our daily lives.
There is simply no way to stop the human connection with technology. It isn’t realistic nor feasible to insist our clients live their lives with some sort of family “technology guardian angel” hovering over them. However, it isn’t responsible nor representative of the actual threat matrix to continue to insist on “cybersecuring” their lives either.
The author gratefully acknowledges the input of Robert Raymond of HUB International and Denis Kleinfeld, Esq., for their thoughtful contributions to this article.