As guardians of a significant portion of Australia’s private wealth, family offices are attractive targets for cyber criminals looking to perpetrate data breaches, fraud and identity theft.
According to a report by Credit Suisse, Australia has the highest median wealth per adult in the world – a level of prosperity that makes us attractive to cyber criminals. As guardians of a significant portion of Australia’s private wealth, family offices are prime targets for data breaches, fraud, and identity theft – which carry financial and reputational consequences.
While family offices are increasing in sophistication and professionalising their operations, so too are cyber criminals.
The number and severity of cyber security attacks on Australian businesses are increasing. The 2021-22 financial year Annual Cyber Threat Report from the Australian Cyber Security Centre (ACSC) reported a 13 per cent increase in cybercrime reports from the previous year and an average increase of 14 per cent in the cost per reported cybercrime across businesses of all sizes.
This is consistent with findings from recent years’ BDO and AusCERT Cyber Security Surveys. Considering recent high-profile cyber incidents, it’s no wonder these statistics have put cyber security top of mind for businesses – including family offices.
In this article, we explain:
- The reasons why family offices are targeted by cyber criminals
- How family offices can mitigate their cyber risks and stay secure.
Why are family offices targeted by cyber criminals?
There are numerous reasons why high net wealth individuals, their families and businesses are appealing targets for cybercrime. As a central management ‘hub’ for this wealth, family offices are equally, if not more, vulnerable.
Some of the reasons why family offices may be targeted for cyber attacks include:
- Family offices traditionally have less stringent security controls in place, particularly when compared to those of other businesses or large organisations. This includes inadequate training for staff on scam and phishing e-mails, and lack of a formalised cyber response plan
- Family offices are known for their management of high value assets, making them attractive targets for cyber attacks, blackmail and extortion
- High wealth families and family offices often include well-known and influential public figures, whose personal details and wealth status are matters of public record
- As with many workplaces, the post-COVID working environment looks different for family offices. An increase in staff working remotely, often without adequate security measures in place, has allowed for easier access to information. Our working from home guide provides businesses and family offices with a checklist to assist in mitigating the risk of a potential cyber incident.
How can family offices stay secure and mitigate such risks?
Family offices are no different to other organisations or businesses in that robust cyber security measures are essential to protecting data and mitigating the likelihood, and severity, of cyber attacks.
Specific measures that family offices can take to help mitigate their cybersecurity risk include:
- Password management: Enforce the use of strong passwords, encourage regular password changes, and implement multi-factor authentication to protect against unauthorised access to sensitive information
- Employee training and awareness: Train employees on basic cyber security principles and best practices, such as identifying phishing scams and avoiding public Wi-Fi networks
- Endpoint protection: Install and maintain anti-virus software on all devices, including desktops, laptops, and mobile devices
- Patch management: Keep all software up to date with the latest security patches and updates to prevent known vulnerabilities from being exploited
- Backup and recovery: Regularly back up important data and systems, and test the recovery process to ensure that critical business operations can be restored quickly in the event of a cyber attack
- Access controls: Limit access to sensitive information to only those who need it, and enforce least privilege policies to reduce the risk of data exposure or theft
- Incident response planning: Develop and maintain an incident response plan which outlines the steps to take in the event of a cyber attack or data breach, and regularly test or rehearse the plan to ensure everyone in the organisation knows what to do during a cyber attack
- Vendor and third-party management: Ensure that third-party vendors and suppliers have appropriate security controls in place to protect any sensitive data they may have access to.
Given the increasing cyber security threat landscape, family offices should invest time and resources to ensure the appropriate systems, education, policies and plans are in place to protect their valuable assets and reputation from cyber criminals.
How can we help?
Putting the right measures in place – or even knowing where to start – can be complex, particularly if the family office does not have the right in-house expertise.