A recent study asked high net worth investors which of the following issues they were most concerned about: terrorism, data security, or a major illness. The most prevalent response might surprise you. Seventy-two percent of the investors surveyed ranked data security as their top concern, followed by terrorism and then a major illness.
The study, conducted by Morgan Stanley, surveyed high net worth individuals between the ages of 25 and 75, the majority of whom already had been victimized by cybercrime. Fifty-six percent have had data compromised by malware or a computer virus and 40% have had their credit or debit card information stolen. Eight percent of the respondents said that their financial accounts had been hacked or compromised.
Even more telling, almost 60% of the investors surveyed were worried that they would be victimized by a cybercrime “without even realizing it,” and 81% said it was “difficult knowing how to protect [themselves] from identity theft with technology changing so quickly.”
These statistics are far from surprising. Hardly a day goes by without a new report of a cyber-attack or security breach that has put financial information, healthcare data or other sensitive information into the hands of hackers.
And for family offices and high net worth investors, data security fits squarely within the traditional areas of asset protection and wealth preservation.
One of the most common cyber threats to family offices and high net worth investors is “business email compromise,” essentially spoof emails that very closely mimic a legitimate email but seek to illegally transfer funds to a foreign bank account held by the cybercriminals. Once the funds leave the family office or investor’s account, they are nearly impossible to recover. This scam has become so widespread that the FBI has issued private sector alerts to warn of this criminal activity.
While there are the obvious precautions such as keeping operating systems and software up to date and being careful with the use (and safekeeping) of passwords, off-the-shelf solutions only go so far especially with family offices and high net worth investors whose investment assets are more sophisticated and global, making them attractive targets for cybercriminals.
Here are a few steps for family offices and high net worth investors to consider, with the caveat that there is no one-size-fits-all approach:
• Inventory investment assets including custody arrangements, access control and general information security;
• Review data security precautions taken by asset managers, financial institutions and other investment advisers including provisions in investment agreements and customer documents including third-party providers that might have access to your data or assets;
• Look at risk of loss provisions in these agreements including liability when there is a data breach;
• Ensure that your financial institutions, investment advisers and broker-dealers comply with governing data security regulations;
• Consider outside experts as resources permit; and,
• Review insurance policies and consider cyber or fraud coverage when necessary.
While there is no simple solution to the growing risks posed by cybercrime, doing nothing is no longer an option.