pressmaster - stock.adobe.com

Financial advisory firm Succession Wealth probes cyber attack

Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February

Succession Wealth, a UK-based wealth management and financial planning specialist that was acquired by insurance and pensions giant Aviva in 2022, has moved to reassure customers after revealing it is conducting an investigation into a cyber security incident of an as-yet undisclosed nature.

Details of the incident are thin on the ground, but it is known that the firm was first alerted to a potential attack on its IT systems on 8 February.

In a statement circulated to the media, a spokesperson for the financial advisory firm said: “Succession Wealth has suffered a cyber attack. We quickly launched an investigation and have notified the appropriate authorities. The security of our clients’ information is our top priority and, as a precaution while the investigation is ongoing, we have quickly introduced additional security measures. 

“Succession Wealth will ensure that clients will not suffer financial loss if their personal data held by Succession is misused as a result of the attack. We are working to assess and resolve this situation, but at this stage, we cannot comment on the nature of this attack.

“We will give further updates as and when appropriate to do so. We understand this will cause concern for our clients and we apologise for this,” they said.

Founded in 2009, Succession Wealth runs a network of more than 200 financial advisors and has over 20,000 clients. It specialises in long-term wealth management and financial planning, whether that be retirement planning, family investments, savings and so on. It has 19 offices around the UK, and approximately £10bn worth of assets under advice.

Its £385m acquisition by Aviva was designed to bolster the latter’s presence in the UK wealth market, which was worth over £1.6tn in 2020. It gives Aviva the ability to offer financial advice to its four million workplace pension customers and two million private customers.

Casey Ellis, CTO and founder of crowdsourced security specialist Bugcrowd and founder of Disclose.io, commented: “At first glance, the mention of additional security measures and customer data sounds like it could be a ransomware attack, but we’re only able to speculate at this point.

“The exact exposure to clients is unclear as it sounds like they are themselves fathoming out what has happened, how to fix it and the full extent of the breach.

“They have offered assurances to customers and staff re: the impact, so in doing so we can assume they have a good idea of what’s going on [and], as part of the Aviva Group, there will be a lot of bright cyber security minds on this right now,” said Ellis.

“The crisis comms team will also be at full throttle as this is now as much about reputation. The organisation holds very personal financial data for many,” he added.

Succession Wealth joins a string of cyber attack victims in the UK so far in 2023, the most high-profile being Royal Mail and financial software firm Ion Group, both of which were held to ransom by the LockBit gang, currently one of the most prolific ransomware operations in the world.

Julia O’Toole, CEO of access segmentation and encryption specialist MyCena, said the majority of such breaches were still occurring through compromised credentials.

“When it comes to addressing these ever-prevalent attacks, organisations must start by tightening access controls across their external and internal networks. Today, most organisations let employees generate their own digital keys or passwords to access the network, but this puts both the organisation and its customers at risk, as that password can be phished or social engineered,” she said.

“An easy way to counter this vulnerability is by encrypting employee credentials, which makes them much harder to steal, and by implementing network access segmentation. This is a key ransomware prevention technique, as it prevents attackers from travelling across networks even if they manage to gain entry.”

Read more about cyber attacks in 2023

Read more on Data breach incident management and recovery