Recent high-profile hacks, including the hacking of Jeff Bezos’ phone and the Twitter accounts of Bill Gates and Elon Musk, have highlighted how vulnerable the wealthy are to cyberattacks. But billionaires aren’t the only ones being targeted by cybercriminals on their personal devices and in their homes. Wealth managers, family offices and corporate executives are turning to cybersecurity concierge services for a higher level of defense.
Matthias Kulka | Image Bank | Getty Images
As cybercriminals increasingly target the wealthy, cybersecurity concierges have become the new must-have for business owners and their families.
While companies spend billions on cybersecurity, personal and home devices are generally poorly protected and easily breached, and despite their vast wealth and the growing threat of cyberattacks, family offices and wealthy households do not see themselves as targets because hacks are rarely publicized.
“The easy pickings now are the wealthy families, some of whom have assets as large as corporations with hundreds of millions and billions of assets, but they’re not as secure,” said Bill Ross, CEO of Hard Target, a cyber resilience company that serves wealthy families, advisors and family offices.
Cybersecurity incidents go unnoticed unless they impact the public in some way. Jeff Bezos’ phone was hacked in 2018 when Saudi Crown Prince Mohammed bin Salman allegedly sent a malicious video file to Bezos via WhatsApp. The hack also exposed photos of Bezos and Lauren Sanchez, which became public. In 2022, the Twitter accounts of Bill Gates, Elon Musk and other celebrities were hacked to promote their Bitcoin plans.
“There have been massive data breaches with reputational damage, data theft, ransomware — they’ve all happened to wealthy families, they’re just not being made public,” said Bobby Stover, family office and family enterprise leader at Ernst & Young.
Secrecy around breaches further complicates the problem, as many wealthy people don’t know how often they occur. Unlike corporations or wealth managers, families don’t have to publicly disclose breaches, and they’re also more likely to keep quiet about them out of embarrassment.
Hard Target co-founder Anwar Vislam recalled one time a family contacted him after their son stumbled upon an extortion plot that had moved from Tinder to Instagram. The son initially paid a $500 ransom, but his quick payment piqued the blackmailer’s interest, so the ransom was raised to $3,000. By that time, the son had shut down all his social media accounts, but the blackmailers had tracked down his identity and demanded $100,000 from the family patriarch, the founder of a wealth management company.
JPMorgan’s wealthy clients get help
To combat the growing risk of cyber breaches, family offices and asset managers are having more frequent discussions with their high-net-worth clients about cybersecurity. Not only are the firms working to protect their own platforms and stop clients from sending sensitive information over email, but they’re also working to secure clients’ home networks and devices.
JPMorgan Private Bank, which offers lifestyle and travel services as well as cybersecurity assistance to ultra-high net worth clients, has an in-house team called the “Advice Lab” that covers a range of topics from tax to cybersecurity.
“Ultra-high-net-worth individuals, families and family offices have wealth but typically have far fewer defenses,” said Ileana van der Linde, head of cyber advisory at JPMorgan Asset & Wealth Management. “I think one of the misconceptions, especially with family offices, is, ‘We’re small, no one’s paying attention,’ but 75% of all cyber attacks are aimed at small and medium-sized businesses.”
According to JPMorgan Private Bank’s 2024 Global Family Office Report, 24% of family offices surveyed said they had been victims of a cybersecurity breach or financial fraud, yet 20% have no cybersecurity measures in place.
“Most people think, ‘I’m smart, this will never happen to me. I’ve never heard of this,'” Visram said.
“Nobody is prepared for what’s coming,” a Silicon Valley executive who lost $400,000 in a real estate scam told CNBC this week.
To raise awareness and improve security, van der Linde and her team educate clients and help them with tasks like changing privacy and location settings on their phones, adding multi-factor authentication to their accounts, identifying suspicious emails, etc. The private bank also has access to IT resources at JPMorgan’s headquarters.
“There’s a lot of things you can do yourself, but we evaluate what our customers need,” she said. She knew that for a family with seven kids, each with five devices, changing the passwords on all 35 devices would be a daunting task, so “we might recommend a concierge there.”
Gaps in Family Office Cyber Defense
Cyber concierges are helping to fill the cybersecurity gap. Like small businesses, family offices are an underserved market. Enterprise cybersecurity solutions are typically too big, too expensive or too cumbersome. Ernst & Young, which typically works with large corporate clients, offers a solution to help companies detect and prevent data breaches, but it can cost $300,000 to $500,000 per year. Personal cybersecurity solutions, meanwhile, don’t offer enough protection.
Cybersecurity is also becoming more complex, especially for wealthy families who own multiple homes and have online security systems with cameras, devices and networks. The more connected devices there are, the more work it takes to secure them.
Cyber concierge services focus on education and make on-site visits to make sure systems are configured securely. One cybersecurity provider, BlackCloak, says it offers 24/7 protection. “We act as their digital bodyguard,” says Chris Pearson, who started BlackCloak after working for the U.S. government and corporations and seeing individuals targeted outside of work. “I really wanted that solution,” he says.
According to a 2023 Ponemon Institute survey of IT professionals sponsored by Blackcloak, 42% of respondents said that executives or family members at their companies had been attacked by cybercriminals, and 25% said they had experienced an average of seven or more attacks in the past two years.
The risks are constantly changing, and van der Linde noted that since the recent unrest in Israel, he has seen a significant increase in high-net-worth clients wanting to remove their personal information from social media, public databases and other sources.
Ernst & Young’s Stover said he sees cybercriminals taking their time to narrow down their targets, research, and launch opportunistic attacks: An EY survey of 500 executives and cybersecurity leaders found that their organizations experience an average of 44 “significant” cyber incidents per year, and it takes organizations an average of six months to realize something is wrong.
“What we’re finding in a lot of these cyber breaches is that someone is listening and acting strategically, even if they’re not trying to steal, they can use the information to go elsewhere and do harm,” Stover said.
Pearson came across a case where a bank CEO discovered his entire internet-connected home camera and alarm system was available for anyone to see. He said this wasn’t a simple off-the-shelf system like Amazon’s Alexa, but complex smart home technology that controls lights, doors, heating, pools and cinemas. “If it’s misconfigured, not secured and not updated, it creates risk. It’s like having an unlocked door,” he said.
As more of our lives and businesses are conducted online, the risks are increasing.
“Whatever is happening in the real world is happening in the digital world,” said Christopher Budd, a director at cybersecurity firm Sophos. “Just as people who feel at high risk in the real world hire their own personal security guards or bodyguards, it makes sense that something similar is happening in the digital world.”
