Skip to Main Content
Legacy Matters
BlogsPublications | September 5, 2019
5 minute read
Legacy Matters

Is Your Family Office Ready For a Cyber Incident?

There are two types of companies: those who have been hacked, and those who don’t yet know
they have been hacked.”  ─  John Chambers, Former CEO of Cisco

When it comes to cyber breaches, it is no longer a matter of “if;” it is a matter of “when.” Whether caused by family member thoughtlessness, employee error or the acts of a skilled data thief, everyone is likely to be the victim of an information breach at some point.

Cyberattacks Aren’t Just For Big Companies

Although cyberattacks become more sophisticated every year, such as the recent breach at Capital One, many hackers go after easy targets where the data is more accessible and the chance of detection is smaller, often hitting small businesses, high net worth individuals and family offices. In fact, a 2017 study by Campden Research stated that of the high net worth Americans surveyed, 41% said their family offices or family businesses had already experienced a cyberattack.1
What makes these groups more accessible? They often:

  • Lack a dedicated IT team and have weaker online security
  • Have older software that hasn’t been purged, upgraded or patched for known vulnerabilities
  • Fail to use encryption technology for storage and transfer of sensitive information
  • Provide many staff members easy access to sensitive data in the name of providing excellent client service
  • Fail to back up data, perform system scans or conduct annual penetration tests on their systems
  • Fail to train staff and family members to be safe users of the internet, email and social media
  • Fail to secure staff and family devices, including Wi-Fi connections from homes

This same Campden report shows that almost 40% of study participants did not have a cybersecurity plan in place. This seems to show that families and their offices are failing to appreciate the damage that cyberattacks can cause them, such as public release of the family’s private information, theft of the family’s assets, ransom requests to unlock encrypted information, or even blackmail or personal security threats against the family.

Be Prepared For a System Breach

Creating a cyber incident response plan can help identify gaps in your data security. In addition, it will prepare you to respond to a suspected breach and manage communications, notifications, insurance claims and other tasks following a breach. Plus, being prepared helps save time, money and embarrassment in the event of a breach.
So, what can a family office or family business do to prepare for the possibility of a cyber breach?

1. Have a team.

  • Know who you will call first when you receive a ransomware demand or suspect that your data has been stolen. This contact person should understand your response plan and know the people in your organization who have the authority to approve the actions necessary to contain the breach and restore your system functions and business activities.
  • Then, create a team of people who are familiar with your systems and business practices, and who can carry out the plan once it is activated – attorneys, IT forensic professionals, communication specialists, etc.

2. Conduct a review.

  • Understand the key information you collect on family members and business activities, and identify legal and contractual obligations regarding the privacy and security of this information.
  • Determine the responsibilities agreed to by service providers who hold or have access to any of your sensitive information, and understand what is at risk and your remedies if a provider is breached.
  • Identify your key systems and controls, key risks, key systems providers and tools available to respond to a cyber incident. Implement tools, contracts, and family and staff training as needed to fill gaps in protection.
  • Scrutinize your cybersecurity insurance coverage to make sure it covers the areas where you will spend money in the event of a breach and it will work with the providers you plan to use as part of your response team.

3. Develop protocols and procedures and test them regularly.

  • Define the circumstances that will trigger your incident response plan.
  • Create prototypes for internal and external communications that can be quickly revised to address the particular incident.
  • Establish protocols for notification of any law enforcement agencies, insurance companies, service providers, etc.
  • Test your systems and the response plan in a simulated cybersecurity incident each year.

4. Have a plan to contain the breach quickly and manage information.

Have response team members on stand-by who can:

  • Determine the nature of the event and contain it
  • Identify information or systems that have been accessed
  • Restore systems back to normal while ensuring the preservation of records and evidence
  • Conduct an investigation and notify law enforcement if necessary
  • Communicate with staff and family members and provide legally necessary notifications
  • File injunctions to prevent publication of stolen information or respond to threats of litigation
  • Notify and work with your insurance company

Warner’s Cyber Incident Response Team

If you have a goal to be prepared, but planning for cybersecurity keeps getting pushed to the bottom of your never-ending “to do” list, Warner can help you move forward. Our Cyber Incident Response Service provides a team of attorneys, IT forensic professionals and crisis communications specialists to help your family office or business conduct a review of your current situation and develop your data incident response plan.

Then, in the event you have an incident, a Warner attorney will be your first point of contact, and the team will execute your response plan, assist with follow-up matters such as insurance claims, and conduct a post-incident review to present to your leadership group or board of directors. Because Warner manages the response team, the IT forensic and crisis communications firms work under our direction to protect the investigation and communications with attorney-client and attorney work product privileges to the extent possible.

If you would like more information on working with our team or preparing your family office or business for a cyber incident, please contact Rodney Martin (616.752.2138 or or Mark Harder (616.396.3225 or  

1Campden Wealth. (2017). More than a quarter of UHNW families targeted by cyberattack. Retrieved from