Matthias Kulka | Matthias Kulka Image Library | Getty Images
Cybercriminals are increasingly targeting the wealthy, making cybersecurity concierge services a new necessity for the wealthy and their families, including C-suite executives.
While companies invest heavily in cybersecurity, personal and home devices are often less protected and therefore more susceptible to hacking. Despite their vast assets and growing threat from cyberattacks, family offices and wealthy families do not consider themselves targets because hacks are rarely publicized.
Bill Roth, CEO of cyber resiliency company HardTarget, said: “The easiest targets now are high-net-worth families, some of which have hundreds of millions or even billions of dollars in large corporate resources, but they are not that secure.” Targeting high-net-worth families , advisors and family offices.
Cybersecurity incidents only become known when they have some kind of public impact. In 2018, Jeff Bezos's phone was hacked after Saudi Arabia's Crown Prince Mohammed bin Salman allegedly sent a malicious video file to Bezos via WhatsApp. The news has been public knowledge since photos of him and Lauren Sanchez were leaked due to a hacker attack. In 2022, the Twitter accounts of Bill Gates, Elon Musk and other prominent figures were hacked for promoting Bitcoin plans.
Bobby Stover, EY family office and family enterprise leader, said: “Significant data breaches – reputational breaches, stolen data, ransomware – all happen to high-net-worth families. It’s just that Just not public.
The secrecy surrounding breaches compounds the problem because many wealthy individuals are unaware of how often breaches occur. Unlike a company or wealth manager, a family does not have to disclose the breach. They may also remain silent about any violations out of embarrassment.
HardTarget co-founder Anwar Visram recalls how a family reached out to help after their son encountered a blackmail scheme that had moved from Tinder to Instagram. The son originally paid a ransom of US$500, but due to the timely payment, the interest of the blackmailer was aroused, and the ransom was increased to US$3,000. By then, the son had closed all of his social media accounts, but the blackmailers had already identified him and were demanding $100,000 from the head of the family, the founder of a wealth management company.
JPMorgan Chase High Net Worth Clients Get Assistance
In response to the growing risk of cyber breaches, family offices and wealth managers are increasingly discussing cybersecurity issues with high-net-worth clients. Not only do companies have to protect their platforms and ensure customers don't send sensitive information via email, they also work to ensure the security of their customers' home networks and devices.
J.P. Morgan Private Bank provides cybersecurity assistance as well as lifestyle and travel services to its ultra-high-net-worth clients. The company has an internal team called the Advice Lab, which covers topics ranging from taxes to cybersecurity.
“Ultra-high-net-worth individuals, families, family offices have wealth, but they generally have far fewer defenses,” said Ileana Van Der Linde, head of cyber advisory at J.P. Morgan Asset & Wealth Management. “I think one of the misconceptions is – Especially for family offices – 'We're small, no one notices us' but 75% of cyber attacks target small and medium-sized businesses.
According to J.P. Morgan Private Bank’s 2024 Global Family Office Report, 24% of family offices surveyed said they had experienced a cybersecurity breach or financial fraud. Despite this, 20% of businesses still do not have adequate cybersecurity measures in place.
“Most people's mindset is 'I'm too smart. This will never happen to me. I've never heard of this,'” Vislam said.
“Nobody was prepared for what was going to happen,” a Silicon Valley executive who lost $400,000 in a real estate scam told CNBC this week.
To raise awareness and improve security, van der Linde and her team educate customers and help them with tasks such as changing privacy and location settings on their phones, adding multi-factor authentication to accounts, or identifying suspicious emails. Private banks can also tap into JPMorgan Chase & Co.'s IT resources.
“You can do a lot of things yourself, but we will assess their needs,” she said. She recalled one client, a family with seven children, each with five devices, and knowing that changing passwords on all 35 devices would be a massive undertaking, so “that's what we might recommend A place for concierges,” she said.
Gaps in Family Office Cyber Defense
Cyber concierges are helping to fill the cyber security gap. Family offices, like small and medium-sized businesses, are an underserved market. Enterprise cybersecurity solutions are often too large, expensive, or cumbersome. Ernst & Young typically works with large corporate clients, and its solutions can help companies detect and prevent data breaches at an annual cost of $300,000 to $500,000. On the other hand, personal network security solutions do not provide adequate protection.
Cybersecurity is also becoming increasingly complex, especially for wealthy families with multiple homes and online security systems with cameras, devices and networks. The more devices you connect, the more work you have to do to keep it safe.
Network Concierge focuses on education and conducts on-site visits to ensure systems are set up securely. Cybersecurity vendor BlackCloak says it can provide protection 24-7, 365 days a year. “We are their digital bodyguards, protecting them,” said Chris Pierson, who founded BlackCloak after working in the U.S. government and corporate world and seeing individuals being targeted outside of work. “I really want a solution,” he said.
A 2023 survey of IT professionals by the Ponemon Institute, sponsored by BlackCloak, found that 42% of respondents said their senior executives and family members had been targeted by cybercriminals. 25% of respondents said they had experienced an average of seven or more attacks in the past two years.
Risks are constantly changing. Van der Linde noted that since the recent unrest in Israel, there has been a significant increase in the number of high-net-worth clients seeking to have their personal information removed from social media, public databases and other sources.
Ernst & Young's Stover said he has found that cybercriminals spend time finding targets, conducting research, and then launching attacks at the right time. An Ernst & Young study of 500 senior executives and cybersecurity leaders found that these organizations experienced an average of 44 “significant” cyber incidents each year, and it took organizations an average of six months to detect an issue.
“In a lot of these cyber breaches, you find someone sitting there strategically listening and doing things. They may not even have to try to steal… they can use the information to go somewhere else and do harm,” Stover said.
Pearson came across an example where a bank executive discovered that his home's entire camera and alarm system was connected to the Internet and could be viewed by anyone. He said this is not a simple off-the-shelf system like Amazon Alexa, but a complex smart home technology that can control lighting, doors, heating control, pool control, movie theater. “If they're not set up correctly, or they're not protected and updated, it creates risks. It's like your door not having a lock,” he said.
As more and more of life and business is conducted online, the risks are getting higher.
“The physical world is evolving, and so is the digital world,” said Christopher Budd, director at cybersecurity company Sophos. “Just like people have their own personal security guards and bodyguards when they face higher risks in the real world, we have our own private security guards and bodyguards in the digital world.” It makes perfect sense to see the same thing happen.”