Family offices are experiencing cyber attacks but a recent Deloitte report says too few of these organisations have protection in place.

Almost half (43 per cent) of family offices around the world – a sector estimated to hold more than $3 trillion in total AuM – have suffered a cyber attack in the past two years, according to a new report entitled The Family Office Cybersecurity Report, 2024.
 
In the two-year period measured by Deloitte in the report issued in March, half of the affected family offices suffered three or more separate attacks.

Concerningly, there is a gap between the attacks being reported, and what family offices are doing to thwart them. Nearly one-third (31 per cent) of family offices do not have a cyber incident response plan in place. Another 43 per cent say they have a plan, but it “could be better,” while merely a quarter (26 per cent) claim to have a “robust” plan.

North American family offices are more at risk than those in other regions, according to Deloitte. Some 57 per cent of North American family offices reported an attack, versus 41 per cent doing so in Europe, and 24 per cent in Asia-Pacific.

“North America might be the most-targeted region for cyber criminals because of the complex digital landscapes in the United States and Canada, as well as their relative wealth and influence,” the report said. 

Size also makes a difference: family offices with AuM over $1 billion are also far more likely to have experienced an attack than those with AuM under that figure, at 62 per cent versus 38 per cent, respectively. They are also more likely to report frequent attacks, with nearly half (46 per cent) saying that they have experienced three or more attacks, compared with just 15 per cent for smaller family offices.

And the report continues: “The frequency of cyber attacks, whether successful or not, may also be higher than the survey results indicate. The family offices which have said they do not know of any attacks may have experienced them but could be unaware that they happened, as individuals are much more likely to be aware of an attack that has successfully resulted in identifiable loss or damage than those that have occurred but remain undetected.”

The report runs through the main types of cyber attacks: Phishing and business email compromise, for example when criminals use a legitimate-looking email to trick people into giving over sensitive information and transfer funds; malware, which is designed to compromise security; social engineering, such as tricking people into doing something unsafe; third-party risks, such as those linked to contractors and suppliers, and insiders, such as involving employees accessing confidential information without permission.

Deloitte said that phishing and malware are the most common forms of attack, with 93 per cent of family offices being attacked saying that they involved phishing emails.

"Cybersecurity is a big risk. Many people do not react to cyber threats until they have been attacked. A lot of family offices have now been hit and it has made them reactive. Typically, cyber criminals go after the low-hanging fruit, so the less you do, the more likely you will be a target," the report quoted the CEO at a US family office as saying. "The more difficult you make it for hackers, the easier it will be to avoid potential problems. Some people do not want to spend money on cybersecurity because you pay all this money and the best thing that can happen is nothing at all. But, if you do not spend the money and something does happen, you can experience a huge loss. It is like buying insurance, it is a negatively skewed investment, but it is one you should not avoid."

The report comes at a time of continued growth in the family office space. In its 2024 report, Deloitte said there are an estimated 8,030 single family offices in the world, up from roughly 6,130 in 2019. This number is projected to grow to more than 10,720 by 2030.

The estimated wealth of families with family offices stands at $5.5 trillion, rising from $3.3 trillion in 2019; it is expected to grow to $9.5 trillion by 2030 – a 189 per cent increase.

(Editor's note: On 11 June, this news service's sister publication, Family Wealth Report, will be holding a summit on family offices and cybersecurity topics in New York. See here for more information.)