Just 38% of high net worth families have a cyber-security plan in place, despite 28% experiencing a cyber-attack in the past and ever-growing awareness of the issue, according to new research.
The report’s launch also comes as the world’s media continues coverage of the so-called Paradise Papers leak, in which more than 13 million files were stolen from two offshore service providers and the business registries of 19 tax jurisdictions.
The investigation into the papers has not exposed illegal conduct, but has undoubtedly caused reputational damage to some of the world’s wealthiest people and biggest companies.
Schillings partner David Imison said families need to hold third party providers to account, as well as ramping up their own cyber-security planning.
The vast majority (86%) of the 121 family businesses, family offices, and ultra-high net worth families surveyed in Private & Confidential said they felt resilient to reputational threats.
But Imison said weathering an incidence of stolen data requires “determination and preparation”.
“Faced with conflicting information in the public sphere and an overabundance of ‘facts’, guilt will be assumed unless you can demonstrate otherwise,” he said.
“You should be ready to issue a rebuttal if this happens to you. Be prepared with the facts to push back on allegations.”
When asked for his reaction to the Paradise Papers, Imison said public interest does not justify disclosure, when privileged documents have been illegally stolen, even when they ended up in the hands of a third party.
“Despite what you may have heard, in the event your private and confidential information has been stolen via a cyber-attack, there are legal remedies you can look to deploy,” he said. “This applies both to confidential business information, as well as personal or private information, such as photographs.”
The report showed of more than a quarter who had suffered a cyber-attack, 77%—a fifth of the total sample—had been subject to phishing, where hackers pose as legitimate entities as a way to obtain sensitive information.
Publicly available information was sometimes used to facilitate such attacks, and 51% have never audited, or don’t know if they have audited, their publicly available information.
Imison said it was wise to “get interested in your data before someone else does”.
“Find out who holds what information on you and what they are doing to protect it. Where your data is held by current or previous professional advisors, what do their terms and conditions say with regards to data retention? If in doubt, then ask what data is held.”
Appleby, one of the law firms targeted by Paradise Papers hackers said in a statement reacting to media coverage that “journalists do not allege, nor could they, that Appleby has done anything unlawful”.
“There is no wrongdoing. It is a patchwork quilt of unrelated allegations with a clear political agenda and movement against offshore.”