Sign in Subscribe
Trusted Advisor

Family Office Cyber Security

Cyber attack groups target Family Offices because of the assets under supervision and the relatively poor level of cyber security protection.

Jonathan Evans

3 min read
A very modern office with key performance indicators displayed on a big screen
Family Office of the future - AI generated graphic


Introduction


No two Family Offices are the same. They have their own ways of doing things with some offices relatively small and simple while others are bigger and more complex. They can range from a single office administrator helping with co-ordination to a team of in-house expert professionals dedicated to wealth preservation, creation and much much more.

Bessmer Trust for example is a large Family Office looking after 3,000 families with more than $217 billion under supervision according to the Bessemer Trust Annual Statement 2023.

Attack groups

Family Offices are targeted by various attack groups including organised crime, ransomware groups, hacktivists, nation states and others. They are attractive targets because of the assets under supervision and the relatively poor level of cyber security controls. When it comes to Cyber Security Family Offices, 40% have suitable measures in place to deal with cyber security risks (according to the UBS Global Family Office Report 2024 - page 52). That means 60% do not! The attack groups know this and will continue to target Family Offices while it’s profitable.

The challenge

When it comes to cyber security, it’s difficult to know what to do and where to go. Family Offices are bombarded with conflicting advice and guidance that can be quite bewildering from cyber security firms selling ‘must have products’ through to consultancy firms ‘selling bank grade security’. These miracle products all need to be maintained and managed along with all the other miracle products you’ve already bought.

Three-step cyber protection plan for family offices

In our opinion most smaller Family Offices (all but the most complex) should not be tempted by the snake-oil of ‘bank or military grade security’ or advanced threat protection but be more pragmatic in their approach. IT Security Locksmith has developed a three-step approach to help small Family Offices to improve their cyber security posture, mitigate some of the associated risk and have a structured plan should the worst happen.

Step 1: Threat Intelligence

Cyber Security stems from good governance. It is important that those in charge of the Family Office, either the Chief Executive Officer, Chief Operating Officer or office manager are aware of cyber threats, their impact on the Family Office and how to mitigate the risk. Armed with this information plans can be put in place to help mitigate the risk and impacts. Without this step a cyber incident could pose an existential threat to the Family Office, impact your bottom line or cause reputational damage and embarrassment to the family concerned.

Step 2: Threat Awareness

A key avenue for attack by cyber attack groups is to target the family of staff and member of the family directly. It is therefore important that staff and family members have knowledge and experience of cyber-attacks, how they are executed and how individuals are manipulated. This allows staff and family members to improve their cyber security self-defence skills which in turn makes it much more difficult to compromise the Family Office via the people that make it.

Step 3: Threat Protection

Most Family Offices have already invested in numerous types of cyber security technology to provide a degree of protection. It is therefore essential that these investments are fully exploited to gain the maximum level of protection for the Family Office. This can be achieved through an independent cyber security assessment to identify technical weaknesses, data backup resilience and privileged access controls.

Conclusion

Before spending lots of money on the latest technology products being pushed by vendors, we would recommend you improve your cyber threat intelligence, threat awareness and improve threat protection by engaging with IT Security Locksmith. Remember, there is no such thing as a 100% cyber secure system. Please get in touch to see how we can help you to get to the next level.

For more complex Family Offices that are interested in Digital Operational Resilience and enhanced cyber security controls please get in touch to discuss where you are today and how that might evolve to help mitigate and prepare for future threats.

About IT Security Locksmith

IT Security Locksmith specialises in board level training and consultancy.

To find out more about our capabilities please click here.

Our services page showcases the types of services we offer. We also provide cybersecurity consultancy for high-net-worth families.

Click here to contact us for a no obligation initial consultation.

Sign up for more like this.

Enter your email
Subscribe