Family Offices and Businesses Need Cyber Security

Family Offices and Businesses Need Cyber Security

November 12, 2018 Business Insurance and Risk Management, Personal Insurance & Risk Management, The Beacon Blog 0 Comments

It cannot be repeated too often – cyber risk is not restricted to large companies. According to a new study from Campden Wealth and Schillings cited by consultant Francois Botha (posted at 28% of international families, family offices and family businesses have already been victims of cyber attacks. One incident cost a family $10 million. Almost 50% of ultra high net worth family wealth is managed through family offices, so these firms need to protect themselves from cyber attacks.

By 2021 cyber crime is projected to cost $6 trillion, with 90% of all companies as victims. Emile Salawi, head of family offices of BNP Paribas, is quoted by Botha as saying “Traditionally, families have relied on banks to exercise necessary governance and compliance  requirements when it comes to protecting information and funds, but the time has come for families and family offices to take more responsibility for the protection of their own data…”.

For large and small businesses, 92% of malware is delivered by email, through phishing or impersonation of authorized individuals. Ransomware and cyrptojacking (unauthorized use of computers to mine cryptocurrency) are newer threats. Organized criminals monitor social networks for sensitive information.

Why are family offices targeted? According to Botha

  • 40% do not have a dedicated cyber-security policy.
  • There is under-investment in information technology.
  • Governance structures and information security guidelines are informal.
  • High profile offices have extortion value and are subject to reputational threats.

Botha recommends using a third party specialist to draw up and review information security policies and procedures.Specific recommendations include

  • An authentication process to verify wire transfers and other transactions.
  • Encrypting emails with private information.
  • Back up data off-site.
  • Regular cyber audits.
  • Clear rules regarding opening links or attachments (best rule: verify before  opening).
  • Separate personal and company information; do not store sensitive information on insecure personal devices, or share it on social media.
  • Use prescribed security tools to access company information.
  • Update IT systems and devices; upgrade as required.
  • Have a clear cyber-attack response plan.
  • Purchase cyber insurance. Policies are available for small businesses, and high net worth individuals can also get coverage.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.