Cyber attacks remain a big threat to UHNW individuals and families, and yet single-family offices appear not to be doing enough to handle bad situations. The move to home working amid the pandemic has raised the stakes.
A study of more than 250 single-family offices in 12 countries finds that almost three-quarters of them suffered a breach caused by cyber-attackers, yet 72 per cent don’t have an incident plan to handle the risks and 61 per cent don’t have processes to spot breaches.
The EY Single Family Office Study said that 81 per cent of respondents plan to take action on cybersecurity.
Family offices, which collectively oversee trillions of dollars, are vulnerable to attack because they were founded by private individuals who often hired lawyers, accountants or even friends to set these structures up, which makes them more visible on internet searches in some cases. Principals of SFOs can also be shy about spending large sums on technology and systems (as discussed here), although cyberattacks and the pandemic may accelerate their willingness to act.
The cybersecurity point is part of a wider risk management agenda that family offices need to plug into. The EY report said that 49 per cent of SFO respondents are confident that they have the processes in place required to identify potential risks. Some 31 per cent said that decisions about protecting against risks facing their organizations were not taken at the highest levels.
“While digital transformation provides great opportunities, it also comes with risks. Cybersecurity is a key focus area, not just for the family office but the entire ecosystem which includes the families themselves and connected businesses,” Desmond Teo, EY Asia-Pacific family enterprise leader, said.
In other parts of the report, the authors said their findings showed that more than half (58 per cent) of respondents who tracked non-financial metrics of performance, including environmental, social and governance (ESG) criteria, achieved better-than-expected results.
While most respondents (83 per cent) said tracking non-financial metrics does matter, only 30 per cent of them have performance measures in place beyond traditional financial metrics.
SFO respondents are taking action to pursue more diverse strategies and robust governance frameworks to help ensure that their ambitions are being met. One area of focus is social responsibility, with 44 per cent of SFO respondents now actively excluding investments that clash with their ethics and values, and the same percentage say that they plan to make social or environmental investments over the next 12 months.
SFOs fret about regulatory issues: 53 per cent of respondents fear increasing requirements for global transparency and information exchange, the increasing complexity of cross-border tax compliance (48 per cent), and concerns about increased regulatory uncertainty in the wake of the Covid-19 pandemic (46 per cent). Some 72 per cent of respondents highlight concerns about the potential tax implications of remote working.
Almost two-thirds of respondents are not sure whether their tax operations are high performing, with respondents pointing to areas such as processes, people, technology, cost management and risk monitoring.