Technology
From Risk To Resilience: Strategies For Cybersecurity In Family Offices
The latest in a series of articles linking back to the discussions held at a family office cybersecurity and AI summit that was organized by the publisher of this news service.
The following article, which is linked to the Family Wealth Report Family Office Cybersecurity and AI Summit, is part of a series of articles.
The editors of this news service are pleased to share this material; the usual editorial disclaimers apply. Email tom.burroughes@wealthbriefing.com if you wish to respond.
Family Offices And Their Vulnerabilities
In a “fireside chat” at the Family Wealth Cyber Conference in New York City, Global Guardian chief executive Dale Buckner (pictured) and Ileana van der Linde (pictured), head of global cyber advisory from JP Morgan, highlighted the significant vulnerabilities within family offices managing substantial wealth.
Dale Buckner
Ileana van der Linde
Despite overseeing millions to billions of dollars in some cases, these offices are alarmingly unprepared for cyber threats: Only 8 per cent of family offices have in-house cybersecurity personnel; meanwhile, 67 per cent have not engaged third-party defense providers, and 63 per cent do not mandate cyber training for their staff, leaving them exposed to cyber attacks (1).
The conversation emphasized that family offices are prime targets for cyber criminals. Eye-opening data revealed that global cyber losses reached nearly $3 trillion in 2020 and are projected to rise to $10 trillion by 2024 (2). If cyber losses were an economy, it would rank as the third largest globally, trailing only the US and China. This stark comparison underscored the magnitude of the cyber threat landscape and the urgent need for family offices to enhance their defenses. Based on the recent JPMC FO survey, 24 per cent and more of family offices surveyed globally have already experienced a cyber breach (3).
Dale and Ileana highlighted the critical difference between IT support and cybersecurity. Many family office managers mistakenly equate the two, not realizing that while IT focuses on connectivity and functionality, cybersecurity centers on protection, encryption, and defense against threats. This misalignment leaves family offices vulnerable, as IT personnel often lack the specialization needed for comprehensive cyber defense. The experts stressed that a robust cybersecurity framework requires specialized knowledge and a proactive approach to threat management.
A significant portion of the discussion addressed authentication, and the risks posed by artificial intelligence. Buckner introduced multi-factor authentication (MFA) as a crucial safeguard, particularly for large financial transactions. With AI increasingly capable of replicating voices and images, additional verification layers are essential.
One practical solution proposed was a code word system, changing every 90 days and known only to key personnel. This third authentication layer ensures that even if AI replicates a voice or image, the transaction cannot proceed without the correct code word, significantly enhancing security.
The conversation also underscored the importance of robust cyber policies and the legal ramifications of neglecting them. Without comprehensive cyber policies, family offices face significant legal exposure, especially when sensitive information crosses from corporate to personal domains. Implementing strict information compartmentalization, regular password changes, and thorough cyber audits were identified as fundamental steps in fortifying family offices against cyber threats. These measures protect assets and safeguard the reputation and integrity of the family office.
One of the most striking revelations was the lack of regular cyber audits among family offices. Buckner noted that 90 per cent of the audience had not undergone a cyber audit in the past 18 months. Such audits are critical for detecting vulnerabilities, potential breaches, and ensuring overall cyber health. He urged family offices to conduct these audits regularly to establish a security baseline and identify existing threats from entities such as foreign actors or internal leaks.
The session concluded with actionable takeaways for family offices to implement immediately. Buckner stressed the importance of covering the basics – such as robust cyber policies, regular password changes, comprehensive audits, and proper authentication measures – before delving into the complexities of AI. These foundational steps are crucial for protecting family offices’ assets and ensuring their resilience against cyber threats.
Additionally, the experts recommended ongoing cyber education for all staff to cultivate a culture of security awareness. This involves regular training sessions, simulated phishing exercises, and staying informed about the latest cyber threats. Family offices were also advised to consider cyber insurance as a safety net to mitigate potential financial losses from cyber incidents.
The conversation at the conference served as a wake-up call, urging family offices to recognize the gravity of cyber risks and take decisive action to secure their financial futures. The insights provided underscore the importance of a proactive and comprehensive approach to cybersecurity, tailored to the unique needs of family offices.
Key point takeaways
Family offices' cybersecurity preparedness
-- Lack of measures: Only 8 per cent of family offices have
in-house cybersecurity personnel, while 67 per cent have not
hired third-party defense providers.
-- Training deficit: 63 per cent of family offices do not
require cyber training for their staff, indicating significant
vulnerabilities.
Cybersecurity risks and statistics
-- Targets for cyberattacks: Family offices managing
billions of dollars are prime targets for cyberattacks due to
insufficient cybersecurity practices.
-- Global cyber losses: Cyber losses are projected to reach
$10 trillion by the end of 2024.
Authentication and AI risks:
-- Multi-factor authentication (MFA): Family offices need to
adopt additional layers of authentication to mitigate risks of
AI-driven fraud, especially for large transactions.
-- Code word system: A proposed solution is the use of a code word, known only to key personnel, as a third factor of authentication to enhance security against AI replication of voices and images.
Cyber policy and legal exposure
-- Necessity of cyber policies: Having a robust cyber policy
is crucial for legal protection. Lack of such policies can lead
to legal vulnerabilities, especially when sensitive information
is involved in legal cases.
-- Password management: Most family offices lack adequate password security systems. Implementing regular password changes and robust management systems is essential for reducing cyber risks.
Actionable takeaways
Back to basics: The conversation stressed the importance of
covering basic cybersecurity measures. Family offices should
prioritize fundamental security practices to protect their assets
effectively.
-- Insurance safety net: Family offices were also advised to consider cyber insurance as a safety net to mitigate potential financial losses
Company profile
Global Guardian protects and delivers families from political,
environmental, and bad actor threats around the world. Our
comprehensive global security solutions are custom-tailored to
help clients identify and mitigate the risks of traveling and
doing business both overseas and domestically.
Footnotes:
1, JP Morgan Private Bank 2024 Global Family Office
Report
2, https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
3, JP Morgan Private Bank 2024 Global Family Office
Report
About the speakers
Dale Buckner
Dale Buckner has been leading Global Guardian since its
inception in March 2012. He is a decorated US Army
Combat-Commander and former Green Beret with multiple combat
tours and classified operations in the Middle East and Latin
America. Dale has bachelor’s degrees in criminal justice and
business, master’s degrees in public administration and business
administration, a master's certificate in strategic leadership
from Cornell and was a senior fellow at the Tufts University
School of Law and Diplomacy.
Ileana van der Linde
Ileana van der Linde is an executive director in JP Morgan
Asset & Wealth Management (AWM) with extensive experience in
wealth management and technology. As head of cyber advisory,
Ileana educates clients and employees globally on how to better
protect themselves, their families, and their businesses from
increasing cybersecurity threats.