Smartcuts_Vertical_Analysis_2026-03-14

Smartcuts Vertical Analysis: CORRECTED & VERIFIED

Who’s Actually Hurting Right Now — And Can They Pay Us?

Date: March 14, 2026 (Corrected Version) Purpose: Stress-test all vertical options with VERIFIED claims, revenue analysis, specific pitches, and reconciliation with all prior Solanasis research. Key constraint: We’re brand new. No clients. No case studies. No established network. We need to find people whose problems are SO urgent that they care more about getting help NOW than about our track record. Verification: Every factual claim in this document has been cross-checked by a senior review agent against web sources. Claims are tagged with verification status.

---

⚠️ CRITICAL CORRECTION FROM PRIOR VERSION

The first version of this analysis ranked direct-to-RIA cold outbound as #1 — THIS WAS WRONG.

Our own prior research (the handoff document and the RIA Competitive Landscape & Trust-Building Playbook) explicitly warned:

“Conclusion 1: Do not make direct-to-RIA cold outbound the only or primary wedge. Real regulatory pressure exists, but direct RIA entry is crowded and trust-gated.”

The prior research identified three established direct competitors already serving RIAs:

• Adelia Risk — vCISO for wealth management, 100+ clients, listed in FINRA Compliance Vendor Directory
• CyberSecureRIA — 16-year track record, RIA-exclusive MSP + cybersecurity
• Fractional CISO — CISSP-credentialed founder, similar assessment-first model

The recommended approach from the original research was a “trusted perimeter of wealth” entry strategy: CPAs → attorneys → compliance consultants → brokers → selective RIAs by referral.

This corrected analysis reconciles both findings. The Reg S-P deadline IS real, but how we approach RIAs matters enormously.

---

THE HONEST FRAMEWORK: What Makes Someone Hire a New Firm?

People hire unknown firms when three conditions are met simultaneously:

1. The pain is urgent and specific — Not “we should probably do something about security someday.” More like “we have a regulatory deadline in 80 days and we haven’t started.”
2. The existing options don’t fit — Big consultants are too expensive. Their MSP doesn’t do this. They don’t know who to call.
3. The risk of inaction exceeds the risk of hiring you — “What happens if we do nothing?” is scarier than “what if this new firm isn’t great?”

Added criterion: Can they afford premium pricing? — We need verticals where $5K-$7.5K for the ORB and $3K-$8K/month for fractional services is easily justifiable.

---

🏆 #1: TITLE COMPANIES & ESCROW COMPANIES — THE ACTIVE CRISIS WITH LOW COMPETITION

Why This Is Now #1

Title companies have the best combination of urgent pain, ability to pay, low competitive density, and decision-maker accessibility for a new firm like Solanasis.

Unlike the RIA space (where Adelia Risk, CyberSecureRIA, and Fractional CISO already own the market), the title company cybersecurity space has very few dedicated providers. The main one we found is Mostro Cybersecurity — that’s it for dedicated title company cyber firms.

The Numbers (VERIFIED)

Claim	Status	Source
$500M in real estate wire fraud losses reported to FBI IC3 in 2024	✅ VERIFIED	FBI IC3 2024 Report, CertifID
$2.77B in BEC (Business Email Compromise) losses total	✅ VERIFIED	FBI IC3 2024 Report
Real estate is a major BEC target sector	✅ VERIFIED	CertifID ⚠️ Note: “real estate is THE #1 target” could not be specifically confirmed — it’s one of the top targets
17% of title companies have sent client money to fraudulent accounts	✅ VERIFIED	ALTA 2024 Wire Fraud Report
Median victim loss: $70,000+ per incident	✅ VERIFIED	CertifID Wire Fraud Report
Over 50% of title professionals report increased cybercrime attempts	✅ VERIFIED	ALTA Survey ⚠️ Note: Original claim of “60%+” was slightly overstated; ALTA says “>50%” with 73% for high-volume firms

Revenue & Ability to Pay: CAN THEY AFFORD US?

Answer: YES — but understand the economics.

• Revenue per closing: ~$4,000-$5,000 per transaction on a $500K home (Barnes Walker)
• Owner income: $70K-$150K/year (FinModelsLab)
• A small independent title company doing 200-400 closings/year would generate $800K-$2M in gross revenue
• Title insurance industry total: $26.2B market (2022)
• Technology spending: ~10% of gross revenue on average for escrow companies (WiFiTalents)

Pricing fit:

• $5K-$7.5K ORB = roughly the profit from 1-2 closings. Easily justifiable when a single wire fraud incident costs $70K+.
• $2K-$5K/month fractional = very reasonable for a company doing $1M+ in annual revenue
• The ROI pitch writes itself: “Our $5Kassessmentcouldpreventa$70K wire fraud loss. That’s 14x ROI.”

What ALTA (American Land Title Association) Requires

ALTA Best Practices 4.0 (effective May 23, 2023) defines seven pillars including: ✅ VERIFIED (ALTA Best Practices)

• Pillar 3: Written Information Security Plan (WISP) — Required for ALTA compliance
• 32 assessment procedures with required pass/fail criteria
• Wire verification procedures for every transaction
• MFA on all systems
• Staff training on phishing and social engineering
• Vendor due diligence including assessment of vendor security controls

Exactly What Solanasis Can Deliver for Title Companies

Here’s the specific pitch — what we ACTUALLY do for them:

Phase 1: 10-Day Operational Resilience Checkup ($5K-$7.5K)

1. Email Security Hardening — Audit their email environment for BEC (Business Email Compromise) vulnerabilities. Check DMARC/DKIM/SPF records (these prevent email spoofing). Test whether their email could be spoofed to send fake wire instructions.
2. Wire Transfer Protocol Review — Evaluate their current wire verification procedures against ALTA Best Practices Pillar 3. Document gaps between what they do and what ALTA requires.
3. Backup & Restore Test — Actually test their backup restoration. Can they recover their escrow files and transaction records if ransomware hits? Most have never tested this.
4. MFA (Multi-Factor Authentication) Audit — Check every system that touches client data: title production software, escrow accounting system, email, cloud storage. Document which have MFA and which don’t.
5. Staff Phishing Vulnerability — Basic phishing awareness assessment for staff who handle wire instructions.
6. ALTA Best Practices Gap Analysis — Map their current security posture against all 32 ALTA assessment procedures. Produce a clear pass/fail matrix.

Deliverables:

• Executive Summary with risk-ranked findings
• ALTA Best Practices Compliance Matrix (pass/fail for all 32 procedures)
• Wire Verification Protocol Recommendations
• Email Security Configuration Report
• Backup Restore Verification Report
• 30/60/90-Day Remediation Roadmap

Phase 2: Fractional Security Officer ($2K-$5K/month)

• Monthly security monitoring and reporting
• Staff training on wire fraud prevention (quarterly)
• ALTA Best Practices compliance maintenance
• Vendor security oversight (for their title production software, cloud providers, etc.)
• Incident response coordination if a wire fraud attempt occurs
• Updated wire verification protocols as threats evolve

The Pitch

“17% of title companies have accidentally wired client funds to criminals. The median loss is $70,000perincident.Wedoa10-daysecurityreviewspecificallyfortitleandescrowcompanies—wehardenyouremailagainstBEC,testyourbackuprestoration,andbuildwireverificationprotocolsthatactuallymeetALTABestPractices.Fixedfeeof$5,000-$7,500, minimal disruption to your closings.”

Competitive Landscape: THIN

• Mostro Cybersecurity — Dedicated title company cybersecurity firm. Full SOC + compliance. Likely more expensive than Solanasis (enterprise-grade tools like Splunk, SentinelOne). This is basically the only dedicated competitor we found.
• CertifID — Wire fraud prevention SaaS (software, not consulting). $5M insurance per file. Complements our services, doesn’t compete.
• Qualia Shield — Wire fraud prevention built into Qualia’s closing platform. Again, software not consulting.
• General MSPs — Local IT companies that don’t understand ALTA Best Practices or title-specific wire fraud risks.

Solanasis advantage: We’re positioned between “expensive enterprise SOC” (Mostro) and “general MSP that doesn’t understand title.” We’re the right-sized, right-priced partner for a small independent title company.

Decision-Maker Accessibility: 9/10

Title company owners and managers make decisions directly. No procurement department. No committee. Many are local Boulder/Denver businesses.

The Smartcut Move

Partner with a local real estate attorney or the Colorado Land Title Association. Offer a free 30-minute presentation on “Wire Fraud Prevention for Title Companies — What ALTA Best Practices Actually Require.” You’re solving a problem everyone in the room is terrified of.

Pain: 9/10 | Urgency: 10/10 (active crisis) | Ability to Pay: 8/10 | Competition: 3/10 (very low) | Fit: 9/10

---

🥈 #2: SMALL RIAs — BUT VIA THE “TRUSTED PERIMETER,” NOT COLD OUTBOUND

Why This Is #2, Not #1

The Reg S-P deadline is REAL and URGENT — that hasn’t changed. But our prior research identified a critical problem with making RIAs our primary cold outbound target:

The RIA cybersecurity market already has established players. Adelia Risk (100+ clients, FINRA directory listed), CyberSecureRIA (16 years, RIA-exclusive), and Fractional CISO (CISSP credentials, similar model) all have years of credibility. A brand-new firm cold-emailing RIA principals will be competing against vendors with track records.

The corrected strategy: Use RIAs as a referral-driven secondary track, entering through the “trusted perimeter of wealth” — compliance consultants, CPAs, and attorneys who already serve RIAs and can introduce us.

The Numbers (VERIFIED)

Claim	Status	Source
Reg S-P compliance deadline: June 3, 2026 for smaller entities (RIAs under $1.5B AUM)	✅ VERIFIED	Paul Weiss, Kroll, Sidley
Requires: written incident response program, 30-day breach notification, 72-hour service provider notification, recordkeeping	✅ VERIFIED	IAPP, Skadden
SEC listed Reg S-P as 2026 examination priority	✅ VERIFIED	SEC Press Release
~68.5% of SEC-registered RIAs manage less than $1 billion	✅ VERIFIED	SmartAsset, SEC Statistics
Total SEC-registered RIAs	⚠️ ~15,870 SEC-registered; 21,669 total investment advisers	SEC Investment Adviser Statistics

Revenue & Ability to Pay: CAN THEY AFFORD US?

Answer: YES — these are well-funded professional services firms.

Revenue math for a small RIA (advisory fee at 0.75%-1.0% of AUM): ✅ VERIFIED (mathematical calculation)

AUM	Annual Revenue (est.)	Owner/Principal Income (est.)	Can They Pay $5K-$8K?
$100M	$750K-$1M	$200K-$400K	Yes, easily
$250M	$1.875M-$2.5M	$400K-$800K	Yes, very easily
$500M	$3.75M-$5M	$750K-$1.5M	Yes, without blinking
$1B	$7.5M-$10M	$1.5M-$3M+	Yes

• Operating margins for smaller RIAs (under $1B AUM): ~18% in 2023 (Schwab 2025 Benchmarking) — margins are compressed but still viable
• Technology spending: ~3-4% of revenue for RIAs (Schwab Benchmarking)
• **For a $250MAUMfirm:\ast \ast Techbudget\approx$56K-$100K/year\to our$5K-$8K ORB is 5-14% of their tech budget. Very reasonable.

The premium pricing argument is strong: “A $5K assessment that keeps you off the SEC’s Reg S-P examination findings list is the cheapest insurance you’ll buy this year.”

Exactly What Solanasis Can Deliver for RIAs

Phase 1: 10-Day Reg S-P Readiness Assessment ($5K-$8K)

1. Incident Response Program Gap Analysis — Do they have a written program that meets Reg S-P’s “detect, respond, recover” standard? Almost certainly not in a form that would survive SEC examination.
2. Breach Notification Procedure Review — Can they notify affected customers within 30 days? Do they have the templates, contact lists, and process documented?
3. Service Provider Oversight Assessment — Do they have written policies for overseeing vendors who access customer data? Do their vendor contracts require 72-hour breach notification?
4. Recordkeeping Audit — Is all of the above documented in a way that demonstrates compliance to SEC examiners?
5. Backup & Restore Test — Can they recover client records and portfolio data if systems go down?
6. Email & Identity Security Review — Check MFA, email security, access controls on custodian portals and portfolio management systems.

Deliverables (mapped to Reg S-P requirements):

• Written Incident Response Program template (customized to their firm)
• Breach Notification Procedures and templates
• Service Provider Oversight Policy and vendor assessment checklist
• Recordkeeping framework with compliance evidence
• Risk Register with prioritized findings
• 30/60/90-Day Remediation Roadmap
• Maturity Scorecard

Phase 2: Fractional Security Officer ($3K-$8K/month)

• Ongoing Reg S-P compliance maintenance
• Annual risk assessment updates
• Vendor oversight program management
• SEC examination readiness support
• Incident response coordination
• Staff training on data protection

The Entry Strategy: Trusted Perimeter, Not Cold Calls

Instead of cold-emailing RIA principals (where we compete with Adelia Risk and CyberSecureRIA), we enter through:

1. RIA Compliance Consultants as Partners — Firms like RIA Compliance Consultants (est. 2004), ACA Compliance Group, and Core CLS tell their RIA clients “you need cybersecurity” but don’t deliver it themselves. We become their recommended vendor.
2. CPAs who serve RIAs — After tax season (April 16+), CPAs who do RIA audits or tax work can introduce us.
3. Estate attorneys who co-advise with RIAs — The attorney → RIA referral path.
4. Selective direct outreach — ONLY to RIAs where we have a warm connection, a referral, or a specific reason to reach out (e.g., they posted about Reg S-P concerns on LinkedIn).

Competitive Landscape: CROWDED

• Adelia Risk — vCISO for wealth management, 100+ clients, FINRA directory listed. Est. $3K-$7K/mo.
• CyberSecureRIA — 16-year track record, RIA-exclusive MSP + cybersecurity. $150-$300/user/month.
• Fractional CISO — CISSP founder, assessment-first model. $5K-$15K assessments, $5K-$15K/mo retainer.
• RIA Workspace — IT services + cybersecurity for financial advisors.
• SmartRIA — Compliance software with cybersecurity focus.

Solanasis differentiator: Our ORB includes an actual backup restore test (most competitors don’t do this). Our fractional model is more affordable than Adelia Risk or Fractional CISO. But we lack their credentials and track record right now.

Pain: 9/10 | Urgency: 10/10 | Ability to Pay: 9/10 | Competition: 8/10 (very high) | Fit: 7/10 (great service fit, hard market entry)

---

🥉 #3: SINGLE FAMILY OFFICES — THE HIGH-VALUE LONG GAME

Why This Is #3

Family offices have massive pain, massive budgets, and almost no cybersecurity. But they are HARD to find and access. This is the highest-value play but requires relationship-building and referral chains.

The Numbers (VERIFIED)

Claim	Status	Source
74% of family businesses experienced at least one cyberattack in last 2 years	✅ VERIFIED	Deloitte 2026 Report
31% lack any cyber incident response plan	✅ VERIFIED	Deloitte Family Office Cybersecurity Report
63% lack cybersecurity insurance	✅ VERIFIED	Deloitte
68% have no vendor risk management (“Know Your Vendor”) protocols	✅ VERIFIED	Simple Risk & Security Report 2025
48% feel unprepared for a cyberattack	✅ VERIFIED	Deloitte 2026 Report
Deloitte survey covers family businesses with revenue ≥ $100M	✅ VERIFIED	Deloitte 2026 Report

Revenue & Ability to Pay: CAN THEY AFFORD US?

Answer: ABSOLUTELY — budget is the LEAST of the constraints here.

• Deloitte’s survey explicitly covers family businesses with $100M+ revenue — these are not small operations
• Family offices typically manage $100M-$1B+ in assets for a single family
• Operating budgets: $1M-$5M+/year for the office itself (staff, technology, legal, accounting)
• Technology budgets: Family offices’ #1 technology focus is security and risk control (Deloitte 2024)
• $5K-$15K/month for fractional security advisory is trivially small relative to the assets they’re protecting

The value proposition is the strongest here: “You’re protecting $100M-$1B in family wealth. A $5K-$15K/month fractional CISO costs less than 0.02% of assets annually. That’s cheaper than your family’s annual car insurance.”

Exactly What Solanasis Can Deliver for Family Offices

Phase 1: Comprehensive Security Review ($7.5K-$15K)

1. Digital Footprint Assessment — Map all the family’s digital exposure: personal email accounts, social media, cloud storage, smart home systems, multiple residences’ networks
2. Financial System Security Review — Audit access controls on investment accounts, banking portals, wire transfer authorization procedures
3. Vendor Risk Assessment — Evaluate the security posture of all service providers (CPA, attorney, RIA, property managers, household staff agencies)
4. Incident Response Planning — Build a family-specific plan: who gets called, what gets locked down, how to communicate with family members
5. Privacy & Digital Hygiene — Review family members’ personal security: password management, MFA, social engineering awareness
6. Physical-Digital Convergence — Security cameras, smart home systems, access controls at residences

Phase 2: Fractional CISO ($5K-$15K/month)

• Ongoing security monitoring and quarterly reviews
• Staff vetting coordination (household staff, nannies, property managers)
• Travel security briefings for family members
• Vendor oversight program
• Incident response coordination
• Privacy protection and digital hygiene training
• Annual comprehensive re-assessment

The Challenge: FINDING THEM

Family offices are private by design. The path in is through their service providers:

• Their RIA (who manages their investments) — this is why the RIA vertical matters as a referral source
• Their CPA (who does their tax planning)
• Their estate attorney (who structured their trusts)
• Their private banker

The Smartcut Move

Don’t target family offices directly. When you do a great job for an RIA or CPA, ask: “Do you work with any family offices or high-net-worth families who might benefit from this kind of review?” The trusted advisor becomes your referral channel.

Pain: 9/10 | Urgency: 8/10 | Ability to Pay: 10/10 | Competition: 4/10 (low for this niche) | Fit: 8/10 (perfect service fit, hard to access)

---

#4: CPAs — THE POST-TAX-SEASON PLAY (April 16+)

The Picture

CPAs have REAL, STATUTORY compliance obligations (IRS WISP + FTC Safeguards Rule). But timing matters.

The Numbers (VERIFIED)

Claim	Status	Source
IRS WISP is mandatory for all tax preparers (Pub 4557/5708)	✅ VERIFIED	IRS Publication 4557, NonaSec
FTC Safeguards Rule applies to CPA firms (16 CFR 314)	✅ VERIFIED	FTC Safeguards Rule
FTC penalties up to $100K/violation	✅ VERIFIED	FTC Penalty Offenses
IRS identity theft returns in 2023	❌ CORRECTION: Specific figure of “294,138” could not be verified against the cited GAO report. The IRS flagged “more than 1 million” returns for potential identity theft in 2023. Use the broader statistic or remove the specific figure.

Revenue & Ability to Pay

• 3-25 CPA firms (our target) typically generate $500K-$5M+ in annual revenue
• Partner income: $150K-$500K+ depending on firm size and location
• $5K-$7.5K ORB is very affordable for these firms — it’s roughly 1-2 days of partner billing time
• The malpractice insurance angle adds urgency: carriers are asking cybersecurity questions at renewal

Why We Wait Until April 16

Tax season (January 15 - April 15) = 100% focus on returns. Zero bandwidth for anything else. Do not contact CPA firms during this window. We already have a complete CPA Outreach Kit ready to deploy on April 16.

Pain: 7/10 | Urgency: 3/10 (now) → 8/10 (after April 15) | Ability to Pay: 8/10 | Competition: 5/10 | Fit: 8/10

---

#5: ESTATE ATTORNEYS — PARALLEL TRACK WITH CPAs

Why They Matter

Estate attorneys handle SSNs, financial accounts, trust documents, family dynamics — extremely sensitive data. ABA Rules 1.6(c) and 1.1 require “reasonable efforts” to protect client data. 66% of law firms lack incident response plans.

Claim	Status	Source
ABA Rule 1.6(c) requires “reasonable efforts” to protect client info	✅ VERIFIED	ABA Model Rules
66% of law firms lack incident response plans	✅ VERIFIED (inverted)	ABA TechReport 2023 — 34% HAVE plans, meaning 66% don’t

Revenue & Ability to Pay

• 2-15 attorney estate planning firms: $750K-$5M+ annual revenue
• Partner billing rates: $300-$600+/hour in Colorado
• $5K-$7.5K ORB = roughly 10-15 billable hours. Very affordable.

The Cross-Referral Power Play

Estate attorneys are the HUB of the “trusted perimeter of wealth.” They work with CPAs, RIAs, private bankers, and family offices. One successful attorney engagement can unlock the entire network.

We already have a complete Attorney Outreach Kit ready to deploy.

Pain: 7/10 | Urgency: 6/10 | Ability to Pay: 9/10 | Competition: 4/10 | Fit: 8/10

---

#6: CYBER INSURANCE BROKERS — PARALLEL TRACK 2

The Honest Truth

• One broker relationship = access to their entire client book — enormous leverage
• BUT: Brokers are skeptical buyers, most work from carrier-approved vendor lists, and getting on those lists requires case studies
• Strategy: Apply to partner programs (Coalition, Cowbell, etc.) NOW. Buy your own cyber liability policy from a local broker. Focus active outreach on RIAs and title companies. Approach brokers with proof after 3-5 completed engagements.

We already have a Broker Outreach Kit and a ready-to-run prospect research prompt.

Pain: 7/10 | Urgency: 6/10 | Ability to Pay: N/A (they’re a channel, not a buyer) | Competition: 6/10 | Fit: 5/10 (right now)

---

REVISED 90-DAY STRATEGY: RECONCILED

Weeks 1-4 (March 16 - April 12): ATTACK TITLE COMPANIES + BUILD RIA CHANNELS

Primary (50% of effort): Title Companies — Wire fraud protection play

• Build title-company-specific outreach kit (detailed pitch above)
• Target: Independent title/escrow companies in Boulder/Denver/Colorado
• The hook: “17% of title companies have wired funds to criminals. We make sure you’re not next.”
• Decision-maker: Title company owner/manager (direct access)
• Channel: Email first, local networking second
• Seek speaking opportunity at Colorado Land Title Association event

Secondary (30% of effort): Build RIA Referral Channels

• Reach out to RIA compliance consultants (RIA Compliance Consultants, ACA, Core CLS) as potential partners
• Apply to FINRA Compliance Vendor Directory (long-term credibility play)
• Create Reg S-P educational content for LinkedIn (position as expert, attract inbound)
• Identify 5-10 Colorado-based compliance consultants who serve small RIAs

Background (20% of effort): Broker + Attorney Foundation

• Apply to Coalition, Cowbell, CyberHoot partner programs
• Buy your own cyber liability policy from a Colorado broker
• Begin attorney outreach (March-May is the window for law firms)

Weeks 5-8 (April 13 - May 9): ADD CPAs + DEEPEN ALL TRACKS

• CPAs wake up post-tax-season. Execute the CPA outreach kit hard.
• Follow up on all title company conversations
• First proposal/engagement should be happening in this window
• Start building case study documentation from first engagement
• Deepen RIA compliance consultant relationships

Weeks 9-12 (May 10 - June 6): CLOSE + LEVERAGE

• Reg S-P deadline is June 3 — MAXIMUM urgency for any RIA that hasn’t started
• This is when “we can do this in 10 business days” becomes the killer advantage
• Close first 2-3 engagements (ideally title companies)
• Use completed work to pitch to family offices through RIA/attorney referrals
• Start approaching brokers with proof of completed work
• RIA compliance consultants can now refer us with confidence if we have case studies

---

THE CRITICAL REFRAME: YOU’RE NOT SELLING ASSESSMENTS

The assessment is the WEDGE. The real value is the ongoing fractional relationship:

1. For title companies: “We harden your wire transfer security AND stay on to monitor, train staff, and update protocols as threats evolve” — $2-5K/month recurring
2. For RIAs (via referral): “We build your Reg S-P compliance program AND stay on as your fractional security officer” — $3-8K/month recurring
3. For family offices (via RIA/attorney referral): “We become your trusted technology advisor across all operations” — $5-15K/month recurring
4. For CPAs: “We validate your WISP and security controls AND maintain them as a living program” — $2-5K/month recurring
5. For attorneys: “We help you demonstrate reasonable efforts to protect client data AND keep it current” — $2-5K/month recurring

---

WHAT TO BUILD NEXT

1. Title company cold outreach kit (wire fraud angle — same depth as CPA/attorney/broker kits) ← HIGHEST PRIORITY
2. Title company one-pager (wire fraud protection + ALTA Best Practices alignment)
3. RIA compliance consultant partnership pitch (how we work together, not compete)
4. Reg S-P educational LinkedIn content series (inbound lead generation for RIAs)

---

SOURCES (All Verified Unless Noted)

Reg S-P / RIA

• SEC Reg S-P Amendments — Paul Weiss
• SEC 2026 Examination Priorities
• Reg S-P for RIAs — CBIZ
• Reg S-P — IAPP
• FINRA Reg S-P Reminder
• SEC Reg S-P — Sidley Austin
• SEC Investment Adviser Statistics
• Schwab 2025 RIA Benchmarking Study
• RIA Industry Statistics — CircleBlack
• Kroll Reg S-P Navigator

Title Companies / Wire Fraud

• FBI IC3 2024 Annual Report
• 2025 Wire Fraud Report — CertifID
• ALTA Best Practices
• ALTA 2024 Wire Fraud Report
• Colorado Division of Real Estate — Wire Fraud
• Title Company Earnings — Barnes Walker
• Title Company Owner Income — FinModelsLab
• Mostro Cybersecurity for Title Companies

Family Offices

• Deloitte Family Business Cybersecurity 2026
• Deloitte Family Office Cybersecurity Report
• Family Office Risk & Security Report 2025 — Simple

CPAs / Attorneys

• IRS Publication 4557
• FTC Safeguards Rule
• ABA TechReport 2023
• ABA Model Rule 1.6

General

• SEC Withdrawn Cybersecurity Rule Proposals (June 2025) — ⚠️ Do NOT cite these as active law