List of UK Wealth Management companies that are not secure by default

By Stephen Kellett
15 December, 2017

This is one of several posts of the topic of security of websites. Inspired by my initial post on the security of UK banks.

The reason for splitting this data into multiple posts is to make it more manageable. So that data on one institution is not mixed with data on another type of institution.

This is an updated version of an earlier post. We have added 15 companies since the first version.

The following key is used for the secure status:

Yes The site is secure, loaded via https
Invalid The site loads via https, but the security certificate is invalid and thus the site is insecure.
Partial The site loads via https, but loads some parts of the page without https. The site is insecure.
No The site is loaded via http, not via https.
Fixed The site is loaded via https, but at the time of first writing it was loaded via http.
?? We could not find a website to evaluate.

We tested 68 wealth management companies. We found 18 wealth management companies that did not have a secure home page (not https or did have https with an invalid security certificate). That is 27% of UK wealth management companies have security vulnerabilities

Some of the websites shown below no longer have active links. For those websites we have listed the URL but removed the non-working link.

Wealth Management Company Secure Home Page
Aberdeen Asset Management No
Aberdeen Asset Management Trust Centre No
Allianz Global Investors Yes
Artemis Investment Management LLP Yes
Baillie Gifford Yes
Barclays Wealth Yes
Blackrock Yes
Brewin Dolphin Yes
Cantab Asset Management Yes
Capital Yes
Capital International Yes
CBRE Global Investors No
Charles Stanley Yes
Citi Yes
City Asset Management Plc No
Clifton asset management Yes
Close Brothers Asset Management Yes
Equester Capital Management Yes
Fidelity Worldwide Investment Yes
Franklin Templeton No
Hargreaves Lansdowne No
Hawksmoor investment management No
Heartwood investment management No
Henderson Global Investors Yes
Hermes Investment Management Yes
Interactive Investor No
Investec Bank Yes
Invesco Perpetual Yes
Kleinwort Hambros Yes
Lion Trust No
London and Capital Yes
M&G Securities Ltd No
Majedie No
Mattioli Woods Yes
Mayfair Capital Yes
Money Farm Yes
Montanaro Yes
Morning Star No
MunnyPot Yes
Newton Investment Management Yes
Nova Financial Yes
Nutmeg Yes
Old Mutual Wealth Yes
Prospect Wealth Management Yes
Psigma investment maangement No
Quilter Cheviot Yes
Rathbones Yes
Sanlam Life and Pensions UK Limited Yes
Saranac Partners Yes
Scalable Capital Yes
St. Jame’s Place Yes
Standard Life Investments Yes
State Street Global Advisors Yes
Schroders No
SVM Asset Management No
Swanest Yes
T Rowe Price Yes
Threadneedle Asset Management Yes
Tilney Group Yes
Troy Asset Management No
UBS Global Asset Management Yes
Unicorn Asset Management Yes
Vanguard Asset Management Yes
Wealth Horizon No


It is interesting that you cannot trust a name or a brand to be secure. For example, Aberdeen Asset Management is probably the one name that is most known in the UK. They are regularly featured on the early morning BBC Radio 4 Today Programme to provide their expert opinion. Unfortunately, their website is not secure.

A number of these companies have names that sound old and established, or strong and reliable. They are names, just that. The reliability is in their behaviour. A key part in that is “are they secure”?


I shouldn’t need to point this out, but i will, all the same, just to be clear.

The data provided on this page should taken at face value. If you’re not sure about something, please verify it yourself. Nothing reported here should be regarded as a criticism or an endorsement or recommendation of an organisations security effectiveness. I am simply passing comment on whether the home page (whatever that may be) is provided as https on not. Other security concerns are a separate matter.

If your organisation is listed here and is not marked as secure, your best course of action is to fix that, not to complain that someone is reporting a fact anyone with a web browser can discover. The security status of your home page is public information, albeit information that many people don’t understand.

Guest posts

No, we’re not interested in having a guest post about finance related topics. These articles are about security, not finance.

Fully functional, free for 30 days