Technology

From Risk To Resilience: Strategies For Cybersecurity In Family Offices

Dale Buckner and Ileana van der Linde September 27, 2024

From Risk To Resilience: Strategies For Cybersecurity In Family Offices

The latest in a series of articles linking back to the discussions held at a family office cybersecurity and AI summit that was organized by the publisher of this news service.

The following article, which is linked to the Family Wealth Report Family Office Cybersecurity and AI Summit, is part of a series of articles.  

The editors of this news service are pleased to share this material; the usual editorial disclaimers apply. Email tom.burroughes@wealthbriefing.com if you wish to respond.

Family Offices And Their Vulnerabilities

In a “fireside chat” at the Family Wealth Cyber Conference in New York City, Global Guardian chief executive Dale Buckner (pictured) and Ileana van der Linde (pictured), head of global cyber advisory from JP Morgan, highlighted the significant vulnerabilities within family offices managing substantial wealth. 


Dale Buckner

Ileana van der Linde

Despite overseeing millions to billions of dollars in some cases, these offices are alarmingly unprepared for cyber threats: Only 8 per cent of family offices have in-house cybersecurity personnel; meanwhile, 67 per cent have not engaged third-party defense providers, and 63 per cent do not mandate cyber training for their staff, leaving them exposed to cyber attacks (1). 

The conversation emphasized that family offices are prime targets for cyber criminals. Eye-opening data revealed that global cyber losses reached nearly $3 trillion in 2020 and are projected to rise to $10 trillion by 2024 (2). If cyber losses were an economy, it would rank as the third largest globally, trailing only the US and China. This stark comparison underscored the magnitude of the cyber threat landscape and the urgent need for family offices to enhance their defenses. Based on the recent JPMC FO survey, 24 per cent and more of family offices surveyed globally have already experienced a cyber breach (3).  

Dale and Ileana highlighted the critical difference between IT support and cybersecurity. Many family office managers mistakenly equate the two, not realizing that while IT focuses on connectivity and functionality, cybersecurity centers on protection, encryption, and defense against threats. This misalignment leaves family offices vulnerable, as IT personnel often lack the specialization needed for comprehensive cyber defense. The experts stressed that a robust cybersecurity framework requires specialized knowledge and a proactive approach to threat management.

A significant portion of the discussion addressed authentication, and the risks posed by artificial intelligence. Buckner introduced multi-factor authentication (MFA) as a crucial safeguard, particularly for large financial transactions. With AI increasingly capable of replicating voices and images, additional verification layers are essential. 

One practical solution proposed was a code word system, changing every 90 days and known only to key personnel. This third authentication layer ensures that even if AI replicates a voice or image, the transaction cannot proceed without the correct code word, significantly enhancing security.

The conversation also underscored the importance of robust cyber policies and the legal ramifications of neglecting them. Without comprehensive cyber policies, family offices face significant legal exposure, especially when sensitive information crosses from corporate to personal domains. Implementing strict information compartmentalization, regular password changes, and thorough cyber audits were identified as fundamental steps in fortifying family offices against cyber threats. These measures protect assets and safeguard the reputation and integrity of the family office.

One of the most striking revelations was the lack of regular cyber audits among family offices. Buckner noted that 90 per cent of the audience had not undergone a cyber audit in the past 18 months. Such audits are critical for detecting vulnerabilities, potential breaches, and ensuring overall cyber health. He urged family offices to conduct these audits regularly to establish a security baseline and identify existing threats from entities such as foreign actors or internal leaks. 

The session concluded with actionable takeaways for family offices to implement immediately. Buckner stressed the importance of covering the basics – such as robust cyber policies, regular password changes, comprehensive audits, and proper authentication measures – before delving into the complexities of AI. These foundational steps are crucial for protecting family offices’ assets and ensuring their resilience against cyber threats.

Additionally, the experts recommended ongoing cyber education for all staff to cultivate a culture of security awareness. This involves regular training sessions, simulated phishing exercises, and staying informed about the latest cyber threats. Family offices were also advised to consider cyber insurance as a safety net to mitigate potential financial losses from cyber incidents.

The conversation at the conference served as a wake-up call, urging family offices to recognize the gravity of cyber risks and take decisive action to secure their financial futures. The insights provided underscore the importance of a proactive and comprehensive approach to cybersecurity, tailored to the unique needs of family offices.

Key point takeaways

Family offices' cybersecurity preparedness
-- Lack of measures: Only 8 per cent of family offices have in-house cybersecurity personnel, while 67 per cent have not hired third-party defense providers.
-- Training deficit: 63 per cent of family offices do not require cyber training for their staff, indicating significant vulnerabilities.

Cybersecurity risks and statistics 
-- Targets for cyberattacks: Family offices managing billions of dollars are prime targets for cyberattacks due to insufficient cybersecurity practices.
-- Global cyber losses: Cyber losses are projected to reach $10 trillion by the end of 2024. 

Authentication and AI risks:
-- Multi-factor authentication (MFA): Family offices need to adopt additional layers of authentication to mitigate risks of AI-driven fraud, especially for large transactions.

-- Code word system: A proposed solution is the use of a code word, known only to key personnel, as a third factor of authentication to enhance security against AI replication of voices and images.

Cyber policy and legal exposure
-- Necessity of cyber policies: Having a robust cyber policy is crucial for legal protection. Lack of such policies can lead to legal vulnerabilities, especially when sensitive information is involved in legal cases.

-- Password management: Most family offices lack adequate password security systems. Implementing regular password changes and robust management systems is essential for reducing cyber risks.

Actionable takeaways
Back to basics: The conversation stressed the importance of covering basic cybersecurity measures. Family offices should prioritize fundamental security practices to protect their assets effectively.

-- Insurance safety net: Family offices were also advised to consider cyber insurance as a safety net to mitigate potential financial losses

Company profile 
Global Guardian protects and delivers families from political, environmental, and bad actor threats around the world. Our comprehensive global security solutions are custom-tailored to help clients identify and mitigate the risks of traveling and doing business both overseas and domestically. 

Footnotes:

1,  JP Morgan Private Bank 2024 Global Family Office Report 
2,  https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
3,  JP Morgan Private Bank 2024 Global Family Office Report

About the speakers

Dale Buckner 
Dale Buckner has been leading Global Guardian since its inception in March 2012. He is a decorated US Army Combat-Commander and former Green Beret with multiple combat tours and classified operations in the Middle East and Latin America. Dale has bachelor’s degrees in criminal justice and business, master’s degrees in public administration and business administration, a master's certificate in strategic leadership from Cornell and was a senior fellow at the Tufts University School of Law and Diplomacy.  
 

Ileana van der Linde 
Ileana van der Linde is an executive director in JP Morgan Asset & Wealth Management (AWM) with extensive experience in wealth management and technology. As head of cyber advisory, Ileana educates clients and employees globally on how to better protect themselves, their families, and their businesses from increasing cybersecurity threats.  

Register for FamilyWealthReport today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes