We talk to an international business, with offices across the US, in India and Canada, about the work it does around cybersecurity and physical security vulnerabilities, and how they are measured, and fixed.

There are many firms that might assess risks associated with cybersecurity for family offices, for example, but then don’t have what it takes to fix the problems, so it is claimed.

A more vertically-integrated model – assess a risk, and then provide solutions that are put into action – is what the California-headquartered professional services firm Armanino prides itself in.

“It's too often that the assessment yields action items, but the assessment firm is not able to fix the vulnerabilities and the family office’s IT resources are insufficient to resolve [it]. A vertically-integrated firm that not only provides the assessment but also the implementation of the resolution and ongoing maintenance is a better solution in most situations,” Chris Mays, partner at Armanino, told Family Wealth Report in a recent interview. Mays leads family office services and is based in Los Angeles.

“The sort of services that we provide are no longer nice to have but essential. Cybersecurity is now part of our offering,” Mays said. 

“One complaint I have heard [in this industry] is that there are a lot of people who do risk assessments but not many of them who then carry things through,” he said.

Such comments speak to the importance of cybersecurity – and physical security – that were aired at FWR’s forum on cybersecurity in Manhattan last week. (See reports here and here.) It’s not surprising that family offices - once relatively obscure area - is receiving more attention, including from those trying to steal their wealth. The total size of wealth that family offices hold is large. According to one report from Deloitte, they are estimated to hold around $3.1 trillion worldwide – the figure is expected to rise to $5.4 trillion by 2030. 

FWR spoke to Mays and Mark Knight, also a partner. (Knight leads cybersecurity and privacy practices out of Austin, Texas.) Armaninio provides consultancy, marketing communications, risk advisory, business management and other services. The business operates across the US, in Canada and in India.

Ethical hackers 
Knight explained how one of the tasks he performs is leading a group of “ethical hackers.” Their job is to test systems for vulnerabilities.

“Family offices are like any other organizations…there should be a structure around risk assessment. We look at what sort of processes are in place, the vendors and ask if this is appropriate,” he said. “For [family office] principals, it is more of an educational relationship.” 

A regular task for Knight and colleagues is to look at the reports that come in, from various agencies of government, for example, about various threats and vulnerabilities, and what sort of virtual private networks (VPNs) are used, and so on. Armanino will look at a home’s security, and carry out scans, and ensure that work-related internet systems are separate from those in private use, he said. 

Networks of influence
Mays said that families need to understand that “networks of influence” – family, close friends, business acquaintances – can be unwitting sources of cyber vulnerabilities.

FWR was also told that a vulnerability that has to be considered is reputation, and the dangers of having communications, such as emails, breached because of lack of security.

At a time when people are out and about using public WiFi in hotels, airports and other locations, risks exist.

Some of the risks of using such networks aren’t as severe as might be supposed, Knight said. “Almost all data on these today is end-to-end encrypted. While public networks are not perfect, the risk of using them is much lower than it once was, so use your best judgment, but know that site encryption and a VPN are your best tools,” he said. 

Even so, using a “VPN when on public WiFi is incredibly important,” Knight said.

And in getting to grips with cyber threats, Knight said Armanino uses AI to help investigate threats, such as fraud and confidence tricksters.  

His colleague picked up on this point. AI can sift through vast amounts of data that a confidence trickster might use to tire out a human being and weaken their defenses, Mays said.

“Humans are biased to be trusting of strangers and have limited patience. If the fraudster meets the limited thresholds for human trustworthiness, the human will comply with their request. Often, the next question would have uncovered the ruse,” he said. AI agents have unlimited patience, and their biases can be specifically tuned for the situation. A single instance of GPT-4o can process information 500 times faster than, and 9,000 x less expensive than a human; these numbers are growing exponentially,” he said. 

A problem, Mays said, is that fraudsters are becoming more convincing with their attempts to send fake invoices. However, Armanino’s system can generate red flags about such attempted fakes. 

Family offices must set up processes for handling monthly reconciliations on their incoming/outgoing transactions. People can ve duped into making transfers to fraudsters. Mays said Armanino’s team has “caught a number of them.”

Let’s get physical
FWR raised physical security and the shock of the recent murder of the UnitedHealthcare CEO, Brian Thompson in Manhattan. (We also reflected on this and other episodes with Edward Marshall, of Presage Global, here, earlier this year.)

The physical security industry has challenges, such as when it comes to staffing. Given a patchwork of local regulations and requirements, security professionals can only be in a country with a client for a certain type, and people have to rotate in and out, Mays said. 

Assuming an expected 12 per cent rise in single-family offices annuallyt in the next few years, the amount of demand for security will be considerable, Mays said. “The security burden is going to increase immensely from this year to the next.” 

There are vulnerabilities family offices should consider, such as human aging. 

Armanino has a group looking out for the interests of older people, Mays said. “They [older people] will have good executive function but have their lapses. The aging wealth owner is a particular focus for us…often we stand between them and the outside world.”