Among the wealthy, a personal cybersecurity concierge is becoming a necessary perk.

• Recent high-profile hacking cases, such as the Jeff Bezos phone hack and the Twitter accounts of Bill Gates and Elon Musk, have shown how vulnerable wealthy individuals are to cyberattacks.
• Cybercriminals are increasingly targeting billionaires on their personal devices and at home, prompting wealth managers, family offices, and executives to seek cybersecurity concierge services for enhanced protection.

Wealthy individuals are increasingly becoming targets of cybercriminals, hence the need for cybersecurity concierges among the rich and their families, including executives.

Although companies invest heavily in cybersecurity, personal and home devices are often less secure, making them more vulnerable to hacking. Additionally, family offices and wealthy families do not consider themselves targets for cyberattacks because such incidents are rarely publicized.

High-net worth families, some of which have the resources of big companies with hundreds of millions or even billions, are now considered low-hanging fruit, but they are not as secure, according to Bill Roth, CEO of HardTarget, a cyber resilience firm for high-net worth families, advisors, and family offices.

Cybersecurity incidents are often not disclosed unless there is a public fallout. In 2018, Jeff Bezos' phone was hacked and a malicious video file was sent to him through WhatsApp by the Saudi Crown Prince Mohammed bin Salman. The hacking became public knowledge after photos of him with Lauren Sanchez were leaked. In 2022, the Twitter accounts of Bill Gates, Elon Musk, and other prominent individuals were hacked to promote a bitcoin scheme.

High-net worth families are experiencing significant breaches, including reputational, data, and ransomware attacks, but these incidents are often not made public, according to Bobby Stover, family office and family enterprise leader at Ernst & Young.

The lack of transparency regarding breaches exacerbates the issue because many affluent individuals are unaware of how frequently they occur. Families are not obligated to disclose a breach, unlike corporations or wealth managers. Additionally, they may choose to conceal any breach due to shame.

Anwar Visram, co-founder of HardTarget, remembered how a family contacted him after their son was targeted by an extortion scheme that shifted from Tinder to Instagram. The son initially paid the initial $500 ransom, but because it was paid promptly, it sparked the interest of the extortionists who increased the ransom to $3,000. Despite shutting down all social media accounts, the son's identity was discovered, and the extortionists went straight to the family's head, the founder of a wealth management firm, to demand $100,000.

JPMorgan high-net-worth clients get help

Family offices and wealth managers are increasingly discussing cybersecurity with their high-net-worth clients, not only securing their own platforms and preventing sensitive information from being sent via email, but also taking steps to safeguard their clients' home networks and devices.

JPMorgan Private Bank provides cybersecurity assistance, lifestyle services, and travel arrangements to its ultra-high net worth clients. The bank's in-house team, known as the Advice Lab, specializes in a range of topics, including taxes and cybersecurity.

"Ileana Van Der Linde, head of cyber advisory at JPMorgan Asset & Wealth Management, stated that ultra-high net worth individuals, families, and family offices may have wealth but often lack defenses. She emphasized that a common misconception among family offices is that they are small and unnoticed, but in reality, 75% of cyberattacks target small and medium-sized businesses."

Despite the fact that 24% of family offices surveyed have experienced a cybersecurity breach or financial fraud, 20% do not have cybersecurity measures in place.

Visram stated that the common mindset is, "I'm too smart; it'll never happen to me; I've never heard of this."

A Silicon Valley executive who lost $400,000 in a real estate scam revealed to CNBC that nobody was prepared for what was to come.

Van Der Linde and her team educate clients on improving security by changing privacy and location settings on phones, adding multi-factor authentication to accounts, and identifying suspect emails. Additionally, the private bank can utilize JPMorgan corporate's IT resources.

"We can do a lot of things ourselves, but we evaluate where we see the need is," she said. She remembered a client with seven children and five devices each, and knew that changing passwords on all 35 devices would be a lot of work, so "we might suggest a concierge," she said.

Family office gaps in cyber defense

Cyber concierges are assisting in closing the cybersecurity loopholes. Family offices, similar to small- and medium-sized enterprises, are being overlooked. Enterprise cybersecurity solutions are often too large, costly, or difficult to manage. Ernst & Young, typically working with larger corporations, offers a solution to detect and prevent data breaches for a yearly cost of $300,000 to $500,000. However, personal cybersecurity solutions do not provide adequate protection.

Securing multiple homes and online systems with cameras, devices, and networks is becoming increasingly complex for wealthy families, as the number of connected devices increases the workload.

Cyber concierge services prioritize education and conduct on-site visits to guarantee secure system setup. BlackCloak, a cybersecurity provider, claims to offer 24/7, 365-day protection. Chris Pierson, founder of BlackCloak, stated, "We're their digital bodyguards, and we protect them."

In a 2023 survey of IT professionals sponsored by BlackCloak, 42% of respondents reported that their executives and family members had been targeted by cybercriminals, while 25% said they had experienced an average of seven attacks or more in the past two years.

Since the recent unrest in Israel, there has been a significant increase in high-net-worth clients seeking to remove their personal information from social media, public databases, and other sources.

Ernst & Young's Stover stated that cybercriminals are taking a more strategic approach to targeting organizations, conducting extensive research before launching attacks at the most opportune times. According to a study by EY involving 500 c-suite and cybersecurity leaders, the average organization experienced 44 "significant" cyber incidents annually, with it taking an average of six months to detect any issues.

Stover stated that cyber breaches often involve someone strategically listening and taking actions. They may not need to attempt to steal data, but can instead use the information to cause harm in other ways.

Pierson discovered that a bank CEO's smart home technology, which controlled lighting, doors, heating, pool, and movie theaters, was accessible to anyone on the internet. He explained that if the system was not set up correctly or not secured and updated, it posed a risk, similar to unlocked doors.

As more of life and business move online, the risks are intensifying.

""In the physical world, people have their own security and bodyguards when they have an elevated risk profile. Similarly, in the digital world, people have their own security measures to protect themselves," said Christopher Budd, director at cybersecurity firm Sophos."