Family offices step up cyber risk defence as attacks increase

Family offices have been strengthening their defences against potential cyber risks amid a rise in attacks, although almost a fifth still do not have a defence plan in place, analysis from Ocorian has shown.

It noted that 43 per cent of global family offices had experienced a cyber attack over the past two years.

This has resulted in 75 per cent of respondents taking steps to strengthen their defences against potential cyber attacks over the past two years, with just 7 per cent saying they had plans in place more than two years ago.

Almost a fifth (19 per cent) did not have any plans in place to protect themselves from a potential attack.

However, 18 per cent said that they planned to put a defence plan in place.

Nearly a quarter (22 per cent) of respondents said they did not have an incident plan in place to respond and recover if they did suffer a cyber attack, while the other 78 per cent had one ready.

More than one in 10 (11 per cent) felt ‘significantly challenged’ when it came to delivering the level and quality of cyber security expertise they need to operate effectively.

Almost half (49 per cent) were receiving advice from third-party professionals over cyber security, although this was set to increase with 72 per cent expecting the levels of outsourcing around cyber security to rise over the next three years.

Of these, 41 per cent said they expected a dramatic increase in outsourcing cyber security.

“A cyber security attack is becoming an increasing reality and can have huge implications for family offices, damaging reputations, triggering loss of stakeholder confidence and putting long-term relationships at risk,” commented Ocorian head of private client – Jersey, Ian Rumens.

“While many are taking steps to put the necessary precautions and defences in place, such as getting expert third-party advice, there are still too many who are highly susceptible.

“The financial impact can also be significant, from direct theft and fraud to business interruption, incident response costs, regulatory fines and potential litigation.

“It’s also vital that family offices work closely with all their service providers and suppliers to make sure those partners have the right protections in place too, helping reduce the risk of a cyber incident spreading through the wider ecosystem.

“Finally, organisations should ensure strong backup and recovery arrangements are tested regularly to help protect against data loss or corruption, so critical records and reporting can be restored quickly and accurately.

“On top of this, with no incident plan in place, it could also take those affected by an attack much longer to respond and recover afterwards.”

---