Computer with “system compromised” warning due to a cyber attack on the computer network.
Thira Konakan | Moment | Getty Images
A version of this article first appeared in CNBC’s Inside Wealth newsletter with Robert Frank, a weekly guide for wealthy investors and consumers. Register to receive future issues straight to your inbox.
Family offices are increasingly under attack from cybercriminals, and many don’t have the staff or technology to prepare, according to a new survey.
More than three-quarters (79%) of family offices in North America say the likelihood of cyberattacks has “increased sharply over the past few years,” according to a North American survey of single-family offices. Dentons, a global law firm. A quarter of family offices surveyed reported a cyber attack in 2023, up from 17% in 2020. According to the survey, half said they knew of another family office that had suffered a cyber attack.
Family offices, with their large wealth and small staff, have become lucrative targets for hackers and cybercriminals, experts say.
“It’s the Willie Sutton effect,” said Edward Marshall, global head of the family office and a major shareholder of Dentons, referring to the notorious bank robber who targeted banks “because that’s where the money is.”
Marshall said family offices often have minimal staff with access to highly sensitive information about the finances of wealthy families and private companies. Because family offices value efficiency and speed over risk management, he said, today’s family offices often lack adequate technology and planning for potential cyberattacks.
“Family offices often prioritize efficient service over security,” he said.
Using in-house security teams can be costly for family offices, he added, while using third-party vendors and suppliers also poses risks from “sophisticated criminals and attackers.”
However, growing concerns about cyber attacks have not yet led to improved defenses. According to the survey, less than a third of family offices say their cyber risk management processes are well developed. Only 29% believe their staff and cyber training programs are “adequate,” and less than half say they have updated staff training programs or regularly update cyber policies.
“These findings show an alarming gap between awareness of cybersecurity risks and actions taken to prevent and repel attacks,” the report said.
A separate report from EY US and the Wharton Global Family Alliance said family offices should address cybersecurity by addressing each of the three main components of technology risk: hardware, software and applications.
Instead of sending emails with financial or personal information in the report, family offices are encouraged to use a website or intranet site. The report also suggests using password vaults and better vetting technology providers for security.
Marshall said family offices need to take a more proactive stance on overall assessments that go beyond cyberattacks.
“They need a shift in consciousness from accepting the unexpected to expecting the unexpected,” he said.
Subscribe to receive future episodes of CNBC. Inner wealth newsletter with Robert Frank.