Cyber Awareness Vigilance and "Frame of Reference Risk"

Cyber Awareness Vigilance and "Frame of Reference" Risk

It seems like a week doesn’t pass without a high profile security breach of some sort, portending challenges ahead for all institutions, and even more so for those that don’t maintain a continually renewed commitment to protect against cyber-criminals. The most recent and prominent example is the New York Times article on February 14th about bank hackers that stole millions via malware (

At Pauley Financial, we have been aware of the expanding threats and have remained proactively committed to employing security and privacy measures. (e.g., migrating to systems such as our document vault ahead of our industry, assisting clients with “security interventions,” and carefully selecting institutions to partner with that manage digital information securely). That said, we don’t believe anyone is immune to cyber threats, and as such, we all have a role in protecting against known and unknown threats. Later in this piece, we’ll share some of thoughts on how to do just that.

Separately, over the decades since we began investing, we have found it helpful in ‘up’ markets to prepare clients and our community mentally for the inevitable next ‘down’ market.

Frame of Reference Risk

We trust that at least some of you will remember the "Ground Control to Major Tom" chorus and will hopefully forgive our coy efforts to lead off this paragraph with a similar effort to "ground" our clients just as David Bowie once did. The S&P 500 has continued to climb higher in 2015 after ending 2014 up 211 points from where it started. The current [U.S.] bull market started in March 2009, and will be six years old this year. Going back to 1929, the current bull market will be the third longest without a 20% correction – only the 1987 to 2000 and 1949 to 1956 bull markets were longer.

As a reminder, other asset classes have not enjoyed the same – international, emerging, and natural resources/commodities have appreciably underperformed the U.S. markets. From a valuation perspective, these markets are much more attractive than the pricey U.S. market.

When it comes to investing in the stock market, the risk that everybody talks about is the bearish periods when the market falls dramatically and keeps falling for months or even years. (Think: 2000-2002 or 2008). The risk is dramatically amplified if the investments employ leverage.

We believe the real damage isn’t just the fall, but the fact that many investors watch the ongoing free-fall with increasing horror until they can’t stand the pain any more, sell out of the market at or near the bottom, and then wince on the sidelines only to miss the recovery. Over the course of this round trip, they lose real money, while those who had the fortitude to hang on have historically recovered their losses.

Recently, professional advisors have begun talking about a different dimension of risk, called “frame-of-reference” risk. Frame-of-reference risk can be defined as the risk that people will look at the performance statement of their diversified investment portfolio and notice that its return is falling short (sometimes far short) of the hottest market index of the day (or, of their neighbor’s report of returns that seem far superior to their own). They abandon the diversified investment approach and concentrate their holdings in the hot market right as the other investments they sold are about to take the performance lead.

A portfolio that holds different asset classes, which move up or down out of sequence with each other (not highly-correlated), tends to have a smoother yearly overall performance measure. Portfolios that deliver smoother returns don’t have to experience extreme recovery to stay in positive territory. As an example, diversified portfolios were earning 13.05% average return from ’94-99, and a 9.96% return from 2000 until 2005, as compared to a 23.55% U.S. stock market return during the first period, and negative returns from 2000 until 2005.

Of course, many investors today are facing this frame-of-reference risk head-on. The U.S. market has been booming since bottoming out in March of 2009, while the rest of the world has been mired in a recessionary hangover. Commodities—most notably oil, but also gold—have been retreating lately. It’s easy to question the value of those other assets in a portfolio with the benefit of hindsight. But with the benefit of historical perspective, the underperformance of broad asset classes usually reverses itself. Of course, we never know exactly when that will happen.

As a reminder, gains and losses are not symmetrical, and the differences become greater with magnitude. A loss of 10% requires a modest 11% gain to get back to the original portfolio value. But a 20% loss requires a 25% gain, a 30% loss doesn’t recover until the portfolio has achieved a subsequent 43% gain and a 50% loss doesn’t get back to even until the battered portfolio has gone up 100%.

In today’s environment, when the U.S. markets are enjoying a long, un-interrupted run of good fortune, frame-of-reference risk becomes more prominent. We know that frame-of-reference risk, just like the more well-known volatility risks, lures investors to abandon their long-term strategy at the wrong time. Emotions begin to control investment strategy with usually poor results.

We understand that the above insights can be sobering but as the recent Wall Street Journal Alert has once again reminded us, the Federal Reserve bank is already signaling that interest rate hikes are on the way higher, as their job is to take the punch bowl away, just as the party is really heating up (to mitigate inflation risk). We believe our role is similarly to remind our clients and our community of the sound rationale behind adhering to diversified portfolios through disciplined re-balancing, so that portfolios are never ‘too hot’ nor’ too cold’.

Cyber Vigilance

There are resources everywhere that will provide education on common threats, “fixes”, breaches and even sites that can teach you how to become a cyber-criminal. At the end of all that, we feel the most important message we can deliver to you is, very simply, “Think”. I (Kimberly) tell my children regularly despite occasional eye-rolls, “If you aren’t part of the solution, you are part of the problem”, and cyber protection is no different.
In our fast-paced, over-filled, multi-tasking world, we offer this “Top 10 List” in hope that is both easily consumable and actionable:

  1. Educate yourself: (consider skipping the aforementioned “How to become a Cyber-Criminal” sites).
  2. Confirm that your virus/intrusion protection is current on laptops, tablets, phones, and even your cars. Internet-enabled cars open new “opportunities” such as:
    1. Vehicle disablement: After a disgruntled former employee took over a Web-based vehicle-immobilization system at an Austin, Texas, car sales center, more than 100 drivers found their vehicles had been disabled or their horns were honking out of control.
    2. Tire pressure system hacking: Researchers from the University of South Carolina and Rutgers University were able to hack into tire pressure monitoring systems. Using readily available equipment and free software, the researchers triggered warning lights and remotely tracked a vehicle through its unique monitoring system.
    3. Disabling Brakes: Researchers at the University of Washington and University of San Diego created a program that would hack into onboard computers to disable brakes and stop the engine. The researchers connected to onboard computers through ports for the cars’ diagnostic system.
  3. Use strong passwords: They should be at least eight characters, contain at least one number, one capital letter, one lower case letter, and one special character. Do not use the same passwords for work and home.
  4. Encrypt your devices: If your laptop is misplaced/stolen, a password can easily be circumvented by removing the hard-drive and booting that hard-drive under a different processor and operating system – no password required.
  5. Always ‘lock’ your devices after a short inactivity period so you must use a password to regain access.
  6. Do not have online merchants store your credit card data.
  7. Migrate your credit cards to new “chip cards”versus the old “swipe card” technology.
  8. Check your social media settings and be very careful about what information you post and who may have access.
  9. If an email or link looks at all suspicious (and they are becoming increasingly “authentic” looking), it probably is. NEVER respond electronically or by phone with secure information unless you can validate the request (voice, independent inquiry, etc). This is the cyber threat that is best countered by pausing and thinking.
  10. Don’t get complacent: It takes time, effort and complexity to protect yourself. Remember though, it could take considerably more time, effort and possibly assets to recover from an intrusion or breach.