Family offices, which manage the wealth of high net worth individuals and families, are increasingly vulnerable to cyberattacks, according to a survey conducted by Dentons, a global law firm. The survey found that 79% of North American family offices believe that the likelihood of a cyberattack has significantly increased in recent years. In fact, 25% of family offices reported experiencing a cyberattack in 2023, up from 17% in 2020. Additionally, half of the surveyed family offices knew of another family office that had fallen victim to a cyberattack.
The appeal of targeting family offices for cybercriminals is clear. These organizations often possess substantial wealth but have relatively small staffs. Edward Marshall, global head of family office and high net worth at Dentons, likens it to the “Willie Sutton effect,” where hackers target banks because that’s where the money is. Family offices typically have a limited number of employees who have access to highly sensitive financial information and private company data, making them prime targets for cybercriminals.
However, despite the growing threat, many family offices are ill-prepared to defend against cyberattacks. The survey revealed that less than a third of family offices have well-developed cyber risk management processes. Only 29% believe their staff and cyber-training programs are sufficient, and less than half have implemented regular staff training or updated their cyber policies.
These findings highlight a significant gap between awareness of cybersecurity risks and the actions taken to mitigate them. Family offices often prioritize efficiency and speed over risk management, leading to a lack of adequate technology and planning for potential cyber threats. Hiring in-house security teams can be costly, while relying on third-party vendors and suppliers introduces additional risks from sophisticated criminals.
To address these vulnerabilities, EY U.S. and the Wharton Global Family Alliance recommend that family offices focus on three key components of tech risk: hardware, software, and applications. They suggest using secure websites or intranet sites instead of sending sensitive information via email. Implementing password vaults and thoroughly vetting tech vendors for security measures can also enhance cybersecurity.
Marshall emphasizes that family offices must adopt a proactive approach to cybersecurity, going beyond simply responding to cyberattacks. He advocates for a shift in mindset from accepting the unexpected to expecting the unexpected. This requires a comprehensive assessment of potential risks and the implementation of robust security measures.
In conclusion, family offices face increasing threats from cybercriminals due to their substantial wealth and limited staff. Despite this, many family offices lack the necessary technology and planning to defend against cyberattacks. To address these vulnerabilities, they should focus on hardware, software, and applications, implement secure communication methods, and thoroughly vet tech vendors. It is crucial for family offices to adopt a proactive stance and prioritize cybersecurity to safeguard their valuable assets.
