A recent Deloitte report highlights that family offices are increasingly being targeted by cyber attacks, but many are not adequately prepared to defend against them.
The Family Office Cybersecurity Report 2024 reveals that nearly 43% of family offices worldwide — which collectively manage over $3 trillion in assets — have experienced cyber attacks in the past two years. Of those affected, half endured three or more attacks during that period.
Alarmingly, there’s a disconnect between the frequency of these attacks and the measures taken to prevent them. About 31% of family offices lack a formal cyber incident response plan, while 43% acknowledge that their existing plan “could be better.” Only 26% of family offices claim to have a “robust” cybersecurity plan in place.
Regional and Size-Based Vulnerabilities
North American family offices appear to be at greater risk than their counterparts in other regions. Around 57% of North American family offices reported a cyber attack, compared to 41% in Europe and 24% in the Asia-Pacific region. According to Deloitte, North America’s vulnerability is due to the region’s complex digital landscape, wealth, and global influence.
Larger family offices, particularly those managing over $1 billion in assets, are also more likely to be targeted. About 62% of these larger offices reported an attack, compared to 38% of those managing less than $1 billion. Moreover, larger family offices are more prone to repeated attacks, with 46% experiencing three or more incidents, versus just 15% of smaller offices.
Unseen Threats and Common Attack Methods
The actual number of cyber attacks may be even higher than reported, as some family offices may be unaware of breaches that did not result in immediate losses or damage. Deloitte highlighted phishing and malware as the most common types of attacks, with 93% of affected family offices reporting phishing emails as a primary threat.
Other common attack methods include:
- Phishing & Business Email Compromise: Using fake but convincing emails to trick recipients into sharing sensitive data or transferring funds.
- Malware: Malicious software designed to compromise systems.
- Social Engineering: Manipulating individuals to perform unsafe actions.
- Third-Party Risks: Vulnerabilities introduced through vendors or contractors.
- Insider Threats: Employees accessing confidential information without authorization.
A Call for Proactive Cybersecurity
A US family office CEO warned, “Cyber criminals often target low-hanging fruit. The less effort you put into cybersecurity, the more likely you are to be attacked.” The report stresses that while investing in cybersecurity may feel like a “negatively skewed investment” — where the best outcome is avoiding problems — failing to invest could lead to catastrophic losses.
Growing Family Office Sector and Rising Wealth
The study comes amid the continued expansion of the family office sector. Deloitte estimates that the number of single-family offices has grown from 6,130 in 2019 to 8,030 in 2024 and is projected to exceed 10,720 by 2030. Similarly, the total wealth managed by family offices is expected to grow from $3.3 trillion in 2019 to $9.5 trillion by 2030 — an increase of 189%.
