A computer with a “approach hacked” alert due to a cyber attack on a computer network.
Teera Konakan | Moment | Getty Images
A version of this article beginning appeared in CNBC’s Inside Wealth newsletter with Robert Frank, a weekly guide to the high net worth investor and consumer. Flag up to receive future editions, straight to your inbox.
Family offices are under increasing attack from cybercriminals, and innumerable don’t have the staff or technology to prepare, according to a new survey.
More than three quarters, 79%, of North American offspring offices say the likelihood of a cyberattack “has increased dramatically in the past few years,” according to a survey of single-family offices by Dentons, a epidemic law firm. A quarter of family offices surveyed reported suffering a cyberattack in 2023, up from 17% in 2020. Half say they have knowledge of another family office that suffered a cyberattack, according to the survey.
With their large wealth and mini staffs, family offices have become lucrative targets for hackers and cybercriminals, experts say.
“It’s the Willie Sutton conclusion,” said Edward Marshall, global head of family office and high net worth at Dentons, referring to the famous bank buccaneer who targeted banks “because that’s where the money is.”
Marshall said family offices often have minimum staff with access to highly sensitive information about a wealthy family’s finances and private companies. Since order offices value efficiency and speed over risk management, he said, today’s family offices often don’t require adequate technology and planning in place for possible cyberattacks.
“Family offices often have a bias toward effective service versus security,” he said.
Using in-house security teams can be expensive for family offices, he added, while rejecting third-party vendors and suppliers also creates risks from “sophisticated criminals and bad actors.”
The growing fears of cyberattacks, regardless, have not yet translated into better defenses. Less than a third of family offices say their cyber chance management processes are well-developed, according to the survey. Just 29% say their staff and cyber-training programs are “sufficient,” and less than half rephrased they have upgraded staff training programs or regularly update cyber policies.
“These findings luxuriate in an alarming gap between awareness of cybersecurity risks and the actions put in place to prevent and repel attacks,” the report said.
A sequestered report from EY U.S. and the Wharton Global Family Alliance says family offices should tackle cybersecurity by location each of the three main components of tech risk: hardware, software and applications.
Rather than sending emails with monetary information or personal information, the report recommends that family offices use a website or intranet site. The report also introduces the use of password vaults and better vetting of tech vendors for security.
Marshall said family offices need to accept a more proactive stance on overall assessment that goes beyond cyberattacks.
“They need a mind chemise from accepting the unexpected to expecting the unexpected,” he said.
Sign up to receive future editions of CNBC’s Inside Store newsletter with Robert Frank.