The scale of threats and attacks on financial services and related sectors is high, and a major worry for groups such as family offices. In the first of two reports from last week's Family Wealth Report cybersecurity forum, held in Manhattan, our correspondent sets out what people close to the action are seeing.

Global conflicts, tariffs and market uncertainty may be dominating the headlines, but cybersecurity concerns are what are keeping family office executives up at night.

Nearly half of family offices around the world experienced a cyber attack in the last 12 to 24 months, according to Deloitte’s most recent Family Office Cybersecurity Report. A staggering 83 per cent of single-family offices identify cyber attacks or data breaches as their biggest risk, according to a recent white paper from Comprehensive Cybersecurity for Family Offices. Losses from cybercrime around the world will exceed $10 trillion this year, according to JP Morgan Private Bank.

“It’s mind boggling how much [cyber] criminal activity is happening,” Julia Valentine (pictured) founder of the technology consulting firm AlphaMille, said at the opening panel of the annual Family Office Cybersecurity Forum, hosted by Family Wealth Report.

Julia Valentine

Phishing, a type of cybercrime where criminals use deceptive methods to trick individuals into revealing sensitive information so they can steal identity or money, gain access to systems, or install malware, is the most common form of cyber breach seen by family offices, Forum panelists agreed.

“We’re also seeing more ransomware attacks, where data from family offices is held until the ransom is paid,” said Ben Tercha, chief operating officer for managed services company Omega Systems. “There’s more teeth to ransomware now and it’s gotten more sophisticated,” Imani Barnes (pictured below), associate director for Risk Strategies’ national cyber risk practice agreed.

Imani Barnes

Family offices are also being victimized by cyber-enabled identification theft, deep fakes, wire fraud and social engineering, panelists added.

AI’s impact
Then there’s artificial intelligence, which has “reshaped cybersecurity,” according to Chris Wake (pictured below), founder of early-stage venture fund Atypical. “AI can be an ally for prevention, but an adversary for harm,” Wake told Forum attendees. “AI is able to get into undetected entry points and expand the attack surface. Instead of having a fortress for security, family offices need intelligent coordinates across systems.”

Chris Wake

Artificial intelligence has accelerated security risks by making phishing emails and video deep fakes “look more legitimate,” said Charlotte Edwards, vice president of operations for Cyberwolf, a cybersecurity firm specializing in UHNW individuals and families. “AI won’t make spelling or grammatical mistakes. It’s much harder to detect.”

AI “is being weaponized for targeted attacks on wealth,” added Ileana Van Der Linde, executive director and head of cyber advisory for JP Morgan Asset & Wealth Management. “You can’t tell if something is real or not.” What’s more, AI’s unprecedented ability to scale creates distractions that can “allow cyberattacks to happen,” said Anna Osborn, chief revenue officer of cybersecurity platform Blackbird.AI.
                                                                                                                                                                                    
Family office weaknesses
The biggest vulnerabilities for family offices are a sense of over-confidence that they aren’t vulnerable to cyberattacks and not keeping their cybersecurity up to date, Forum panelists agreed.

“Family offices have a false sense of security that they won’t be targeted,” said Barnes. BNY’s most recent Family Office Investment Report found that family offices “are either over-confident or their systems, policies and procedures are not up to date,”  according to Matt Semino, senior client strategist for BNY Wealth.

Family offices need to realize that “there is no anonymity anymore,” said Tristan Flannery, managing partner of risk management firm Presage Global. Social media is largely to blame, panelists agreed. That digital ecosystem, Osborn explained, “puts your assets in harm’s way.” 

As a result of the digital footprint we all leave behind, the ability of cybercriminals to target and breach “is at an all-time high,” said Dale Buckner, CEO and president of security firm Global Guardian. “No one can fly under the radar anymore.”

Cyberattacks also personal 
The personal devices owned by family office members and executives are especially vulnerable, panelists warned. 

“There are a lot of blind spots on the personal side of family offices,” according to Paul Freeland, PricewaterhouseCoopers partner heading the firm’s Wealth Compass managed service. “There’s no line between private and office devices,” Freeland said. “One in four family offices have malware on shared devices.”

In fact, noted Cyberwolf’s Edwards, mobile phones are the most targeted devices. Sophisticated technology uses “extreme timing and precision,” she explained, “to scrape information from your phone in a split second.”

Microsoft products were singled out as being particularly vulnerable to security breaches. Exiting employees, especially those leaving acrimoniously, are another major source of potential trouble, noted Lisa Nelson, director of family office services at Wealthing VC Club. And as far as cybersecurity consultant Matt Lamura is concerned, “default settings are your worst security nightmare.” 
 

A scene from one of the forum sessions

Part II of our coverage of the Cybersecurity Forum will focus on how family offices can best prepare and protect themselves from cyber attacks.

(See related content in a separate FWR article from Omega Systems.)