Family offices hold a high concentration of financial, legal, and personal information in a small operation that often lacks the security posture of the principals they serve. They are increasingly targeted, and the targeting has moved from broad campaigns to deliberate work against named offices identified through public filings and adviser networks.
What the attacker is after is not always the ransom. The information held by a family office (estate plans, trust structures, account access, the correspondence between principal and adviser) is itself valuable. A breach can be quietly monetised over years through targeted secondary attacks, sale of the data to other actors, or use of it to inform impersonation of the principal in dealings with third parties.
The operating posture of a small office is the weakness. The same five people who handle the accounts also handle the IT, the procurement, the travel bookings. Specialist defence is rarely a full role. The standards that apply in the principal's largest commercial holdings do not always apply in the office that handles their personal affairs.
The remedy is structural, not technical: a clear division between operational and administrative systems, professional security oversight on a continuing basis, and a deliberate posture on what the office holds versus what it stores elsewhere. The administrative work is dull; its absence is the opening through which the attacker enters.
·
Most readers of this category miss what is in front of them. A careful reader does not.
More from the desk
The leaked database and what resurfaces years later
The third-party vendor as the route in
Why the case for protection grows stronger each year
What the next decade of records will look like
The banker who leaves, and what they carry
Domain spoofing and the near-perfect email