In the era of cryptocurrency, hacking and ransomware, advisers and their clients are understandably cautious about where their information ends up.
Pension providers and life companies, particularly those that have significant legacy books they have failed to modernise, can appear apt targets for a cyber-attack.
Services such as SpyCloud have cropped up to allow companies to see how many of their employees’ email credentials or confidential information is accessible on, and can potentially be bought through, the dark web.
We asked a third party to run some searches for major pension providers and life companies, just out of curiosity, to see what exposure was like.
The results appear to range from the very secure to the worryingly fragile.
SpyCloud can only find one dark web record for Just Retirement, and only three for Royal London, for example.
While they are obviously larger groups, the picture is less rosy for others. Standard Life, Prudential, Legal and General and Zurich each have more than 2,000 ‘exposed records’.
The search also looks at whether any executive staff’s emails are on the dark web. This figure is four for Fidelity and three for Aviva.
Platforms also have some exposure: Cofunds has 185 records on the dark web, Alliance Trust 133 and Transact 109.
Trade bodies like the Chartered Insurance Institute and the Association of British Insurers each have more than 100 records exposed as well.
How concerned should advisers and clients be about this? Compared to media companies like the BBC (27,200 exposed records) and ITV (4,400), pension providers look to be in a more secure position. Major banks also have potential exposure of tens of thousands of records.
But that will be no excuse for complacency for life companies, as one breach could prove one too many for clients.
Justin Cash is editor of Money Marketing. You can follow him on Twitter @Justin_Cash_1