Family offices become prime targets for cyber hacks and ransomware

A computer with a “system hacked” alert due to a cyber attack on a computer network.

Teera Konakan | Moment | Getty Images

A version of this article first appeared in CNBC’s Inside Wealth newsletter with Robert Frank, a weekly guide to the high net worth investor and consumer. Sign up to receive future editions, straight to your inbox.

Family offices are under increasing attack from cybercriminals, and many don’t have the staff or technology to prepare, according to a new survey.

More than three quarters, 79%, of North American family offices say the likelihood of a cyberattack “has increased dramatically in the past few years,” according to a survey of single-family offices by Dentons, a global law firm. A quarter of family offices surveyed reported suffering a cyberattack in 2023, up from 17% in 2020. Half say they know another family office that suffered a cyberattack, according to the survey.

With their large wealth and small staffs, family offices have become lucrative targets for hackers and cybercriminals, experts say.

“It’s the Willie Sutton effect,” said Edward Marshall, global head of family office and high net worth at Dentons, referring to the famous bank robber who targeted banks “because that’s where the money is.”

Marshall said family offices often have minimal staff with access to highly sensitive information about a wealthy family’s finances and private companies. Since family offices value efficiency and speed over risk management, he said, today’s family offices often don’t have adequate technology and planning in place for possible cyberattacks.

“Family offices often have a bias toward efficient service versus security,” he said.

Using in-house security teams can be expensive for family offices, he added, while using third-party vendors and suppliers also creates risks from “sophisticated criminals and bad actors.”

The growing fears of cyberattacks, however, have not yet translated into better defenses. Less than a third of family offices say their cyber risk management processes are well-developed, according to the survey. Just 29% say their staff and cyber-training programs are “sufficient,” and less than half said they have upgraded staff training programs or regularly update cyber policies.

“These findings reveal an alarming gap between awareness of cybersecurity risks and the actions put in place to prevent and repel attacks,” the report said.

A separate report from EY U.S. and the Wharton Global Family Alliance says family offices should tackle cybersecurity by addressing each of the three main components of tech risk: hardware, software and applications.

Rather than sending emails with financial information or personal information, the report recommends that family offices use a website or intranet site. The report also suggests the use of password vaults and better vetting of tech vendors for security.

Marshall said family offices need to take a more proactive stance on overall assessment that goes beyond cyberattacks.

“They need a mind shift from accepting the unexpected to expecting the unexpected,” he said.

Sign up to receive future editions of CNBC’s Inside Wealth newsletter with Robert Frank.