April 2019
From sensitive data and investments to connected devices, cyber threats can have a significant impact on a family office’s finances and reputation, and on the safety of the family itself. In this report, we identify ten key actions that family offices should consider implementing to prevent, detect and respond to cyber incidents.
Family offices represent attractive targets for cyber attackers. Statistics indicate that family offices are becoming more frequent victims of cyber attacks – from extortion and fraud, to cyber-enabled physical threats – often leading to significant losses including disruption to systems, reputational damage, and financial loss.
Understanding cyber attackers and their tactics is key to defending the family and the family office. In this report, we provide an overview of some of the most likely threats that family offices and the families they represent may face at work, at home and in transit, including a detailed assessment of each threat, and real-life examples.
The report also suggests ten key actions that family offices should consider implementing, whether in-house or outsourced, to help prevent, detect and respond to some of the most common cyber incidents highlighted.
Extortion – some of the most likely forms of extortion aimed at family offices and families include “ransomware”, a type of malicious software that gains access to an individual’s computer or office network and scrambles their files in a way that only the attackers know how to reverse, and “blackmail to publish sensitive data”, where cybercriminals infiltrate an organisation’s network and extort victims with the threat of releasing stolen data.
Fraud – the rise of social media has led to the rise of “social media hijacking”. This is when cybercriminals take temporary control of a high-profile individual’s social media account and can post bogus information in an attempt to damage their reputation or affect the stock prices of any listed entities linked to the victim. “Business email hack” is another common form of fraud aimed at high-profile individuals, where fraudsters mimic the email address of, or hack into the email account of, a trusted colleague or client in order to impersonate them and defraud victims of large sums of money.
Espionage – family offices can have significant stakes in third-party companies, while their owners often have political relevance. They are therefore particularly likely targets for “cyber espionage”, which involves sophisticated groups stealing data for political or commercial motives. Stolen sensitive data could be used by hostile governments for surveillance or even to publish information perceived as embarrassing.
Cyber-enabled physical threats – these can come in several forms, including “information gathering (often from social media) and unwanted attention”, which can be used to harass individuals or endanger their safety; “vehicle compromise”, where threat actors take control of the engine and navigation systems of private jets, super yachts, and cars; and “high value homes and estates compromise”, which can involve bypassing weak internet-connected security systems to facilitate physical burglary, or footage from hacked security cameras being posted online.