‘There are only two types of companies: those that have been hacked, and those that will be,’ in the famous words of Robert Mueller, uttered in 2012 while he was the director of the FBI.
If the number of worldwide cyberattacks that took place this year taught us anything, it is that no one is truly safe. But new research has found that ultra-high net worth families (UHNW) and family offices do not even appreciate the greatness of the threat.
According to Private & Confidential: The Cyber Security Report, a study by Schillings and Campden Research, 38% of respondents do not have a cyber security plan in place.
Rod Christie-Miller, chief executive at consultancy Schillings, said: ‘We see lots of deliberate attacks on families and their businesses by those opposed to them. Whether they are blackmailers, disgruntled family members, business or political rivals – lots of people with an agenda are seeking stolen or private information to gain an advantage.
‘Even supposedly friendly parties, such as commercial partners and banks, are now using reputation to assess whether they want to do business with a family. While perfectly reasonable, the risk is that they will assess a family’s reputation based on “fake news” and reams of uncorroborated stolen data.’
He added: ‘There is a fine line between complacency and confidence. The link between private and confidential information being stolen, and the impact this can have on reputation, is not being made.’
The report makes a number of suggestions to combat this, which include investment in training, creating an incident response plan and not leaving it to just the IT department but taking a personal interest.
An example of this is B Capital, which is planning to launch a program to train and help family offices and investment boutiques to prepare for cyberattacks. Elsewhere, recently launched UHNW wealth boutique Infinity Wealth by Design has taken the threat so seriously, founder Elisabeth Dana said the firm spent 30% developing ‘military grade’ security, which was so sophisticated, the business received a tax break from HMRC in recognition of innovation.
However, looking at the numbers, there is still more to be done before family offices can fully combat the rising threat.
Jérôme Stern, founder of J Stern & Co, says that although cyber security is extremely important for family offices, in general because they are small businesses ‘most of them do not take enough care to raise their defences against potential cyber attacks’.
He added, however, that as the size of the businesses increase, in terms of people, clients or AUM, then cyber security becomes more of a recognised issue and better addressed.
‘At the end of the day it’s a fixed cost to the business. It’s super important and data is crucial to the business. If any of it gets stolen you have all sorts of complications and breach of confidentiality. It’s not a matter of if, it’s a matter of when.’
At J Stern & Co, he says that the company focuses on compartmentalising everything. Therefore if one part of the system is attacked, the rest can still continue to work. In addition, the firm has a disaster recovery plan in case everything is attacked at once, which allows it to access multiple back ups quickly. ‘Generally it’s about staying vigilant and making sure you do the investment and make sure you diversify the risk by having multiple systems,’ he said.