Family offices become prime targets for cyberattacks and ransomware


A computer with a “system hacked” alert due to a cyber attack on a computer network.

Teera Konakan | Moment | Getty Images

A version of this article first appeared in CNBC's Inside Wealth newsletter with Robert Frank, a weekly guide for high-net-worth investors and consumers.

Family offices are under increasing attack from cybercriminals, and many don't have the staff or technology to prepare, according to a new survey.

More than three-quarters, 79%, of North American family offices say the likelihood of a cyberattack “has increased dramatically in recent years,” according to a survey of single-family offices by Dentons, a global law firm. A quarter of family offices surveyed reported having suffered a cyberattack in 2023, up from 17% in 2020. Half say they know another family office that suffered a cyberattack, according to the survey.

With their vast wealth and small staff, family offices have become lucrative targets for hackers and cybercriminals, experts say.

“It's the Willie Sutton effect,” said Edward Marshall, global head of family office and high net worth at Dentons, referring to the famous bank robber who robbed banks “because that's where the money is.”

Marshall said family offices often have a skeleton staff with access to highly confidential information about a wealthy family's finances and private businesses. Because family offices value efficiency and speed over risk management, he said, today's family offices often do not have adequate technology and planning for potential cyberattacks.

“Family offices often have a preference for efficient service over security,” he said.

Using in-house security teams can be costly for family offices, he added, while using outside vendors also creates risks from “sophisticated criminals and bad actors.”

However, growing fears of cyberattacks have not yet translated into better defenses. According to the survey, fewer than a third of family offices say their cyber risk management processes are well developed. Only 29% say their staff and cyber training programs are “sufficient,” and fewer than half said they have improved staff training programs or regularly update cyber policies.

“These findings reveal an alarming gap between awareness of cybersecurity risks and actions implemented to prevent and repel attacks,” the report says.

A separate report from EY US and Wharton Global Family Alliance says family offices should approach cybersecurity by addressing each of the three main components of technology risk: hardware, software and applications.

Instead of sending emails with financial or personal information, the report recommends that family offices use a website or intranet. The report also suggests the use of password vaults and better security research from technology providers.

Marshall said family offices need to take a more proactive stance in overall assessment that goes beyond cyberattacks.

“They need a change of mentality, from accepting the unexpected to expecting the unexpected,” he said.
