Following a recent report demonstrating that family offices are being attacked by hackers, we talk to an IT firm that looks at cybersecurity among its various lines of business.

Family offices are already feeling the impact of weak cybersecurity. As reported here, a survey by Deloitte, the accountancy and professional services giant, found that almost half (43 per cent) of family offices around the world – a sector estimated to hold more than $3 trillion in total AuM – have suffered a cyberattack in the past two years. It appears that many family offices still operate with minimal protections.

The report runs through the main types of cyber attacks: phishing and business email compromise, i.e. when criminals use a legitimate-looking email to trick people into giving over sensitive information and transfer funds; malware, which is designed to compromise security; social engineering, such as tricking people into doing something unsafe; third-party risks, those linked to contractors and suppliers, and insiders, involving employees accessing confidential information without permission.

This news service recently spoke to Warren Finkel, managing director at Omega Systems. The business, which is headquartered in Reading, Pennsylvania, is an IT managed services provider, covering areas including cybersecurity. 

Finkle has decades of IT advisory experience and long-standing relationships within the financial services sector. He founded ACE IT Solutions and led all MSP operations for more than 13 years before the company was acquired by Omega Systems in 2022. 

Why in your view can family offices be a weak link when it comes to cybersecurity? Can you elaborate on the reasons?
Finkel: Family offices manage substantial wealth and maintain a host of sensitive financial data but often operate more like small businesses when it comes to cybersecurity. Many lack dedicated IT teams and unfortunately assume that they are too small to be targeted – which is not the case. A recent study found that 57 per cent of North American family offices have been hit by a cyber attack in the past two years. 

Despite this high exposure, many family offices do not have a formal approach to risk management and are relatively slow to adopt proactive security controls and processes. Furthermore, family offices are prime targets for attackers – they operate legacy systems, run lean operationally and manage an incredible amount of wealth; if you’re a hacker, that’s a win-win-win.

Please describe some of the attack types that exist, what do you do to help family offices be on the guard against them, etc?
Finkel: Family offices face a wide range of cyber threats, from email phishing and voice phishing (vishing) to more sophisticated attacks such as ransomware and deepfakes or business email compromise attacks.

It has allowed hackers to create very convincing social engineering scams and, in some cases, a simple click or seemingly innocuous verification login is all it takes to gain access to an office’s network and data. They’ll scour social media profiles and news articles for background information and impersonate investors, family members and other stakeholders as a way of gaining access into the environment.

Unfortunately, family office employees are particularly susceptible as most aren’t trained on how to spot these attacks and therefore risk exposing the office’s wealth.

Ransomware attacks are also increasing in this space, and hackers are effectively holding data and sensitive information hostage until a ransom is paid. These attacks can obviously be debilitating to family offices and pose very real risks for those who don’t have the proper training and controls in place to prevent such actions. 

As a managed IT service provider (MSP), our role is to help family offices not only understand these risks but combat them by offering continuous security monitoring, threat detection, and incident response services that can identify risks early and address them quickly, while minimising downtime and operational disruption. We support family office customers with everything from email security and multi-factor authentication (MFA) to more advanced endpoint security solutions and ongoing risk assessments. 

By leveraging these comprehensive solutions, family offices can protect themselves from evolving cyber threats and ensure the security of their sensitive financial data and assets.

FWR: There is a lot of talk about cybersecurity these days in family offices, from what we have seen, but what would you say is the state of awareness among FO members today? Has it risen, improved, etc? 
Finkel: While cybersecurity awareness is generally improving, family offices are still slow to adopt necessary protection. Many still believe that they won’t be targeted and do not realise the full extent of their exposure. They often hesitate to invest in security until they experience an incident firsthand – which is not a very savvy way to do business.

The challenge is not just about education, it’s about execution. Cybersecurity isn’t a nice-to-have anymore, and family offices that fail to implement basic protections risk financial losses as well as reputational damage. Unlike regulated entities such as broker-dealers and registered investment advisors, family offices are not subject to the same cybersecurity mandates. Unfortunately, this often makes them even more attractive targets for attackers, as it’s broadly known that they aren’t required to adopt formal security controls.

FWR: How in your view does AI affect the cybersecurity risk level? Does it make it worse, or create new tools to try to stop it?
Finkel: AI’s role in cybersecurity is both a challenge and an opportunity. On the one hand, AI enables cybercriminals to automate attacks, making them more sophisticated and difficult to detect. For example, AI-powered tools can create personalised phishing campaigns, targeting family office members through tailored messages that appear legitimate. As these attacks become more advanced, the speed and scale at which threat actors can operate increases, making it harder for organisations to defend against them.

Conversely, AI offers significant benefits for enhancing cybersecurity defecses. It enables better detection of anomalies in real-time, providing quicker identification of potential threats before they escalate. AI can also automate routine tasks, allowing cybersecurity teams to focus on more complex issues. This is particularly helpful for family offices that lack internal IT support to triage and respond to every potential security incident. 

As AI becomes a more integrated part of cybersecurity, family offices should focus on understanding how to balance these evolving threats and opportunities to ensure that they stay protected.

FWR: Please tell us more about Omega Systems 
Finkel: Omega Systems has offices centrally located across the Northeast US including in key financial hubs such as Stamford, Connecticut and New York City as well as in Pennsylvania, New Jersey and Massachusetts. We started back in 2002 and now have more than two decades of experience guiding family offices and other investment management and financial services firms on IT, cybersecurity and compliance matters. 

In some cases, customers turn to us to operate as their de facto IT team – and they completely outsource IT and security functions to our experts. In other cases, where firms have some internal IT resources, we operate in a co-managed fashion and act as an extension of their team to augment various responsibilities and free up their bandwidth to focus on more core operational initiatives. In both cases, our goal is to help firms stay secure, efficient, and prepared for the future in an ever-changing digital world.