Should Your Family Office Be Concerned About Cybersecurity?

November 19, 2020

By Laura Macca

Cybersecurity statistics show that family offices are at increasingly high risk of targeted data breaches. More than 22% of family offices in North America experienced a cyberattack in 2019, according to the UBS 2019 Global Family Office Report.

Why are family offices particularly vulnerable to cybercrimes?

Family offices make an ideal target for a cyberattack given the significant wealth involved. According to a 2018 Campden Wealth & Schillings study, family offices are managing almost 50% of ultra-high net worth family wealth. In addition to private wealth management services, family offices often handle the personal affairs of the family. They rely on a smaller staff who have access to large amounts of sensitive data. Cybercriminals hope to gain access to this information for fraud and/or identity theft, and to capitalize on the privacy and reputational damage concerns common among family offices.

Despite the threat and the rising number of data breaches, many family offices still underinvest in technology because of the cost and complexity of implementing the software and/or hiring IT professionals, leaving a large population of family offices vulnerable to cybercrime.

Common Cyberattack Targets

Research has shown that the most common way to breach a family office’s cybersecurity is through the people it employs. Many of these breaches could have easily been prevented using simple and well-established security practices. Easy access points that attackers use to penetrate networks include:

  • outdated software without the latest security patches and updates;
  • employees sharing access to an employee-issued device with family and friends, exposing the family office network;
  • employees connecting an untested device -- such as a flash drive -- that can be a source of viruses and malware;
  • sending unsecure emails; and
  • employees logging into public Wi-Fi networks or insecure or outdated Wi-Fi networks when working from home. The COVID-19 pandemic increases this risk, with a record number of people working remotely.

A large majority of cyberattacks are the result of phishing emails. Phishing is a form of fraud in which attackers disguise themselves as trustworthy entities or persons in an email or other electronic communication. Attackers will commonly use phishing emails to deceive the recipient into downloading malicious software, providing personal information like account numbers or passwords, wiring funds, or paying invoices to cybercriminals. There has also been an increase in ransomware attacks. Ransomware -- software that denies victims access to their critical data and system files until the victim pays a ransom -- is often spread through phishing emails containing malicious attachments.

Cyberattacks continue to multiply in number and sophistication and represent a major challenge for family offices. Criminals are targeting people's increased dependence on digital tools. As a result, it is critical for family offices of all sizes to assess their cybersecurity plans and policies. It's time for family offices to change the way they think about technology.

Stay tuned for Part 2 of this series -- I’ll review ways that family offices can defend themselves against cyberattacks.

About Laura Macca

Laura Macca is the Director of Business Transformation within the Enterprise Technology and Information Group, focused on tax technology and transformation, and has practiced at large multinational corporations and Big 4 accounting firms.