Cybersecurity regularly grabs headlines around the world and family offices containing sensitive data are not immune to the threat from international hackers.
Bobby Stover, Americas family office leader at EY, outlines what families can do to protect themselves, including building out a 10-point family office cyber protection plan.
How would you describe the state of family offices and their cyber security in general at the moment?
Most single family offices do not have the full suite of cyber security protection at work like corporate America. While most family offices rely upon the standard tools, such as anti-virus, dual factor authentication, they do not have the time or resources to engage in broader protection such as network penetration testing, testing of business continuity planning, disaster recovery or home and personal security assessments.
Does that state vary from global region to region?
No. According to the 2016 Data Breach Investigations Report by Verizon, “no locale, industry or organisation is bulletproof when it comes to the compromise of data.” (p 3)
What percentage of family offices have been cyber attacked? Any estimate on how many dollars family offices have lost due to cyber-crime?
There is no data on the percentage or dollars lost but anecdotally, we have had clients lose (due to hacking of client networks, email and communications; then following a specific family member to learn habits, travel schedule, banking contacts, modes and methods of communication) millions in a fraudulent transfer of funds, ranging from amounts as small as $20,000 to $1 million.
Why is EY urging family offices to improve their cybersecurity?
Cybercrime continues to increase in scope and scale. Recent hacking of major corporations, financial institutions and governmental entities shows criminals are after personal data as well as money.
What cybersecurity myths in family offices are you often having to debunk?
Education is often overlooked as an important factor in the success of protecting your office and family. Urgency at the board level, however a family office defines that, is a key gaining buy in and action from not only the office but the family member themselves.
What can families do to protect themselves?
Follow the 10-point family office cyber protection plan described in the EY piece Cybersecurity: Protecting a Family Office.