Almost half of multi-million dollar international family offices do not have dedicated cyber security, exposing ultra-high net worth individuals to hackers, an accountancy firm warns.
New research by Moore Stephens revealed 42% of family offices surveyed do not have a policy to protect their vulnerable computer networks of sensitive commercial information. This lapse was despite 79% of family offices claiming they were “concerned” or “very concerned” about cyber-crime.
Moore Stephens researched 40 family offices in the United Kingdom, Germany, the Netherlands, Switzerland, Canada and Australia. The wealth of the family offices ranged from $250 million to $2 billion.
Moore Stephens said family offices make attractive targets for cyber criminals as many control large sums of money but lack the IT defences and IT security personnel of major banks or global fund managers. Cyber security can fall down the list of priorities.
“Family offices are clear targets for cyber-fraudsters – there is no use pretending otherwise,” Steve Williams (pictured), a partner at Moore Stephens, said.
“The one-in-five family offices who are not concerned about the risk of cyber-hackers need to review their polices urgently.
“In many small businesses there can be an attitude to cyber-security of 'I hope it won't happen to us,' and some family offices share that outlook.
“The smaller scale of family offices can make implementing robust cyber security policies seem onerous or heavy-handed. The reality is that without the large dedicated IT support team of bigger financial institutions it is even more important each employee take cyber risks seriously.”
Williams said family offices could not match the cyber security budgets of banks but there were still “significant improvements that can be made.
“For family offices that are concerned about the state of their cyber security, the first thing to do is assume that you are insecure. Only by getting used to the idea that you don't have an unbreakable wall between your data and the world can you start to implement real improvements.
“Focus on what you are trying to protect and who you are trying to protect it from. Analyse your current security measures and fix any problems that you find with them. Keep this critical view and consistently check and update your protocols. As you find fewer problems, start checking more often.
“Don't limit your thinking to just IT, as human error can account for major holes in security. Often people have inappropriate levels of access, and if they make mistakes – misconfiguring security settings or clicking on an email link and downloading a virus – it can trigger enormous security issues.”