May 30, 2024

Family Offices Are Ripe for Cyberattacks

Family Offices Are Ripe for Cyberattacks - data breach

In recent years, family offices, which manage significant amounts of money for wealthy families across the globe, have become lucrative targets for online hackers. According to IT Governance USA, since the beginning of 2024, there have already been 2,098 publicly disclosed incidents that have breached roughly 5,136,645,282 records, and the numbers are expected to climb. However, while the threat of cyberattacks has risen, oddly enough, the security behind the wealth management companies has not. 

This trend has not gone unnoticed, as many family office clients and those staffed by wealth management companies have noted a growing fear that as the attacks continue to grow more frequent, they question how it's possible that their defenses continue to stay the same. 


Breaking Down the Uptick in Family Offices Cyberattacks

According to the Identity Theft Resource Center, in 2023, there were 2,365 cyberattacks, with 343,338,964 victims. This is roughly a 72% increase from 2021, and the number is only expected to increase in the coming years. As reported in a survey of over 200 family offices across the globe, roughly 71% of family offices believe they are more likely to suffer a cyberattack now than they were a few years ago. The same survey also reported more than a fifth have already reported suffering a cyberattack in the past 12 months, and 79% are currently preparing for some form of cyberattack in the near future. 

While the greater awareness and knowledge of the rising incidents are worrisome, they also provide an opportunity for change. However, the question begs whether these wealth management companies are taking proactive steps to help prepare their staff to handle the coming cyberattacks.


Are Family Offices Prepared To Handle Cyberattacks?

As reported in the survey, roughly 31% of the family offices say their cyber risk management processes are well-developed, only 29% say their staff cyber/tech training programs are "sufficient," and less than half have said they have upgraded their staff training programs or policies to help address the rising risks of cyberattacks. So, it goes without saying that the gaps between the awareness of cybersecurity risks and the actions taken to prevent and/or repel attacks are incredibly alarming. 

However, some believe the blame falls on inadequate staff training and a lack of leadership surrounding cyber security within the businesses, as many have placed a heavy reliance on third-party technology vendors. While having some form of security is better than none, the recent and increasingly frequent reports that have emerged regarding technology failures, cyber threats, and data breaches directly from third-party technology vendors have left millions of clients not only exposed but wondering who they can trust to handle their wealth.


Should You Trust a Family Office To Manage Your Wealth Safely?

When it comes to the question of whether you should continue to trust family offices to manage your wealth securely, the answer is complicated. While we cannot advise you on how to manage your personal finances, we can recommend that you exercise the utmost caution when deciding where and who will have access to your accounts. While you are searching for a private wealth management firm, you'll want to make sure you can trust those around you to not only keep your personal information out of the wrong hands but to also ensure they are consistently working on keeping their security systems and processes up to date.

Questions you may want to ask your wealth management company include policies surrounding cyberattacks and what securities the firm has in place to not only manage but protect your investments. Ask your family office about their most recent cyber security incidents and what steps they took during the breach and after to ensure similar incidents would be prevented in the future.


What Can You Do To Keep Your Data Safe After a Cyberattack?

As we've noted, it appears cyberattacks and data breaches will continue to rise, and unfortunately that means you'll need to be prepared now more than ever when it comes to protecting your wealth and personal data. Often, after a data breach or cyberattack, a company may offer you free credit monitoring services via a third-party company like LifeLock, Kroll, or IdentityForce. While we do highly recommend you take up the offer, along with any other services they may provide for you to ensure your information is well monitored, we also advise you to take a few extra steps to secure your data.

When it comes to your credit or personal information, there are certain laws in place that entitle you to certain protections. For instance, the Fair and Accurate Credit Transactions Act allows consumers one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. After a data breach, reviewing your credit report will allow you to actively correct any errors in your credit history and protect your credit identity should any fraudulent activity occur. However, for those interested in more frequent or daily checks on their credit report, signing up for credit monitoring sites like Credit Karma may be the best option.

Another law that helps protect your identity is the Fair Credit Reporting Act (FCRA), which allows victims of fraud the right to be informed in a fair, timely, and accurate manner should their credit file be used against them. Under the FCRA, victims also have the right to review that report and correct any errors that may be in their credit file.  After your information was accessed in a data breach, and you suspect any form of fraudulent activity, we highly recommend you request a "credit freeze" on your credit report. 

A credit freeze will prohibit a credit bureau from releasing information on your credit report, as well as prevent credit, loans, and services from being approved in your name without your consent. After you've requested a credit freeze, contact the Federal Trade Commission, your state's Attorney General's office, or your local law enforcement to report the incident as soon as possible. Of course, after a breach, you'll also want to make sure you contact an attorney.


Connecting With a Data Breach Attorney Can Help Keep You Safe

While monitoring your credit may be helpful to ensure your personal information is not actively being used in a fraud scheme, it is not the only option you have available to you. By speaking with an attorney, you may be eligible to hold those parties who mismanaged your data liable for their negligent actions, as well as recover financial compensation for any damages you may have incurred due to the breach.

Was your personal information breached in a similar incident or did you receive notice regarding another data breach matter? Contact a Morgan & Morgan data breach attorney today. Speaking with an experienced data breach attorney can help you better understand the scope of your situation and what your legal options are.