Cyberattacks are a top concern for family offices: When RSM surveyed 100 family offices in the U.S and Canada, 12% of single-family offices said they had experienced a cyberattack in the past year. Attacks included data theft, malware, ransomware, identity theft, an external data breach or a family member data breach. Consequences included financial loss and disclosure of personal information.
According to the 2024 RSM Family Office Operational Excellence report, one respondent noted that family offices can be particularly vulnerable to cyberattacks because they are less likely to have the types of risk management strategies in place that, for example, public companies do. And they clearly know this is a vulnerability: 83% of single family office respondents cited a cyberattack or data breach as one of their biggest operational risks. The concern was greater for larger family offices (89% cited a cyberattack as one of the biggest areas of concern) than for small ones (65%).
Family offices do have some measures in place to protect against — or recover from — cyberattacks. The most commonly cited: backup servers (79%), data security policies (53%) and business continuity plans (51%).
There was some variation depending on the size of the family office. For example, large family offices were most likely to have data security policies in place: 61% had them, compared with 51% of midsize family offices and 38% of small ones. The same variation was apparent for backup servers, though they were more common at every size: 86% of large family offices had them, compared with 77% of midsize family offices and 71% of small ones.