Artificial intelligence and the professionalization of crime syndicates have made cybersecurity threats more dangerous than ever to family offices.
Yet, family offices have made little progress to properly address the risk, leaving many families unprepared for cyberattacks that could lead to substantial loss of assets.
Deloitte’s family office cyber report for 2024, one of many on the topic, found that cyberattacks have become almost commonplace, stating that a whopping 43 percent of family offices globally have experienced a cyberattack during the last two years. Half of those have suffered from three or more separate attacks. Despite cyber concerns featuring heavily in family woes, few are doing enough about it.
A search on google trends shows that ‘family office cyber security’ has spiked on three separate occasions, once in 2010, in 2012, and once again in 2023. Plenty has been written on this topic, but it doesn’t appear substantive or timely. This Forbes article, ‘Why Family Offices Need To Prioritize Cybersecurity.’ is six years old.
Hannes Hofmann, head of the family office group at Citi Wealth, says he’s not shocked that cybersecurity remains the number one risk that family offices are not prepared for.
“It became clear to us that cybersecurity is a topic where family offices need a lot of help,” he said. “Cybersecurity has become a huge opportunity, cybercrime is a gigantic industry, organized in a very corporate way. Many organizations out there almost have HR departments, they recruit people and they operate from shady countries.”
Hofmann said that some estimates suggest that the global proceeds from cybercrime are higher today than the proceeds of the global drug trade. “If you’re a crime syndicate and you want to generate revenue, there’s more to be made from cybercrime than from managing, making, and distributing drugs. That’s a big statement.”
Citibank’s family office report for 2024 includes data on how prepared families feel about specific risks they face, including cyber. Of respondents to the survey, 12 percent say these risks have not been well managed and only 11 percent claim they have been “very well managed.” That compares to 39 percent saying investments are well managed and 36 percent saying reputational risk has been handled “very well.”
This begs the question; what is the hold up? Cyberthreats aren’t new, they aren’t going away, and they certainly aren’t getting any better. Cyber has been identified as a serious threat that impacts a near majority of families but not enough progress has been made to mitigate the risk.
Staying Ahead Of the Curve
Family offices manage the money of some of the wealthiest people around the world and shouldn’t give syndicates such a big opportunity, according to experts. “The 1,800 family offices we work with have an average net worth of $2.4 billion, yet only a tenth of them feel they’re adequately prepared,” Hofmann added. “The threat is very real; the implications very real.”
Cybercrime is constantly evolving. The Nigerian prince email scam is old news and it is now easy to acquire software that can produce audio and video that captures the likenesses of family and friends in a way that is hard to detect. Ransomware, similarly, is easy to get hold of and personalize for targets. And there are new threats emerging: Elon Musk’s Department of Government Efficiency has gained unprecedented access to Treasury Department and IRS databases, for example, risking systemic exposure of data on Americans, including the country’s wealthy.
The majority of breaches happen at the family office level. Bad actors can simply crack family office systems far easier than international banks.
Common sense stipulates that families must spend enough money — and make their professionals accountable — to ensure they have fool-proof systems and strategies in place to thwart cyber criminals.
“One of the reasons why a survey shows that only 11 percent of family offices think they’re very well prepared against this threat is because people get it, they know there’s a problem, but don’t know how to find a solution,” added Hofmann. “And the only way to find a solution is to be super organized; Govern, identify, protect, detect, resolve and repair.”
Experts say the simplest way to handle cyberthreats may be to hire external help. The very nature of cyberattacks is that they become increasingly sophisticated over time. To expect a small internal team of one or two individuals to have the resources and knowledge to stay on top of the thousands on the other side trying to find and exploit weaknesses is folly, these people say.
Brian Wiener, founder and CEO of Family Office Resource Group, one such organization, said “to have to manage so many different solutions internally is impractical. It’s not scaleable and it’s costly.”
After 40 years, wealth management is being overhauled as the number of ultra-high net worth investors grows and as families transfer trillions in wealth to the next generation, he added. “The industry is ill prepared for what is coming — and what is already here.”
