Any family offices that don’t view cybercrime as a serious threat should take notice of a recent theft involving a family office chief financial officer who got lazy with his computer security.
The CFO was waiting at an airport, relaxing in the frequent-flyer lounge, when his laptop was stolen. Unfortunately for him and the family office, the computer was brimming with client data. In fact, 181 of the family office clients quickly became victims of identity theft.
The office lost so many clients that it closed after filing for bankruptcy protection from the families’ lawsuits, says Paul Viollis, CEO of Viollis Group International, a New York-based security consultancy that serves over 100 single family and multifamily offices and which was involved in handling the aftermath of the laptop theft.
Viollis says family offices are not tolerant when hackers compromise advisors’ systems. “They are not forgiving,” he says. “People expect you to protect their data. This risk is foreseeable and it’s going to continue.”
As the list of big banks and financial firms that have been victimized by computer hackers gets long and longer, smaller companies are being urged to be on guard—including family offices, which some say could be the next target in the crosshairs of international hackers.
“If a company like Sony, JPMorgan or Target could be infiltrated, a private family could be targeted,” says Richard Wilson, chief executive officer of Key Biscayne, Fla.-based Wilson Holding Company, which provides outsourced CEO solutions, research and training for the family office industry. “A family’s information technology resources, anti-hacker technologies and firewalls are going to be far inferior, in general, to some of these global corporations that have whole IT departments.”
Wilson says that none of the family offices that his company serves has experienced a major data breach yet, but they are growing more concerned. “Cybersecurity is definitely on the radar,” he says. “Our clients seem to be taking it more seriously than they did just two or three years ago. But until you get to the billion-dollar-plus families, I don’t see it being implemented or taken as seriously as it should be.”
Recent hacking conspiracies have only put more pressure on family offices, private banks and other boutique operations to shore up their defense against hackers.
In mid-November, federal prosecutors charged three men with stealing hundreds of millions of dollars in one of the largest cases of computer crime ever uncovered. The trio is accused of coordinating massive data breaches between 2012 and 2015 at a dozen unnamed financial institutions, financial news publishers and technology companies, according to the indictment. JPMorgan Chase, News Corp’s Dow Jones (publisher of The Wall Street Journal), Scottrade and E*Trade have acknowledged being among the companies hacked.
Retailers, insurance carriers, federal government agencies and trade associations—including Neiman Marcus, Anthem Blue Cross Blue Shield, the Office of Personnel Management and the American Bankers Association—have also been victimized by cyber-attacks.
Researchers reported perhaps the most severe Internet security vulnerability in 2014. The “Heartbleed” bug, which can compromise a popular technology used by websites to secure 80% of online financial transactions, may have allowed criminals to read passwords, bank account numbers, credit card numbers and other sensitive data for years before it was detected.
There have been few publicized cases of family offices falling victim to hackers. Wilson says that the rich don’t want to acknowledge cyber-intrusions publicly, in part because they’re concerned that potential business partners might view their family offices as unsecure.
“Maybe someone’s not going to want to do a deal with them. There’s a stigma with sharing that information,” he says.
Few affluent families are well informed about the non-investment threats they face, according to a survey of single and multifamily offices and external chief investment officers by the Family Wealth Alliance. The Wheaton, Ill.-based research and consulting firm’s 2012 security study found that sustainability issues, data loss due to computer crashes and fraud or other loss related to transferring client funds are the major non-investment risks to wealthy families and the firms that serve them.
The firms in the survey said that:
- 29% of their clients had suffered financial fraud incidents.
- 17% of their clients had experienced identity theft via e-mail or the Internet.
- 71% of their clients were “moderately informed” about the everyday security risks they face, 21% were “insufficiently informed,” 4% were “not informed at all” and just 4% were “well informed.”
Worse yet, families were being actively targeted by foreign thieves and mafia groups, according to the study.
Family offices may not understand the basic security risks they face, but cyber-criminals are likely aware that these offices are potentially lucrative targets, security consultants say.