The world’s UHNW cohort may have sprawling real estate portfolios, luxury jets, yachts bigger than most apartments, and private investments that will set up their families for life. Yet, despite their immense wealth, many are failing to spend on the one thing that can protect all these assets and investments from criminals: robust cybersecurity.

That’s the stark warning of Carl Froggett, chief information officer at cybersecurity firm Deep Instinct and former cybersecurity chief at investment bank Citi. Froggett claims that hackers are actively targeting wealthy individuals and family offices due to weak cyber defences and poor cyber hygiene. In fact, a 2024 study conducted by professional services giant Deloitte found that hackers have launched cyber-attacks on 43 per cent of global family offices in the past two years.

Describing rich people as “easier targets than larger financial institutions”, Froggett says they’re more susceptible to cybercrime because they typically use cybersecurity tools aimed at general consumers, aren’t deploying adequate cyber defences in line with the fast-expanding cyber threat landscape, and are failing to monitor their accounts and devices for signs of suspicious activity.

While many simply may not understand the latest cyber threats and how to stay safe online, Froggett says some choose not to implement cyber defences as they simply don’t have enough time, or because they’re not compelled to do so by regulators. Add to this the act that, after inevitably falling victim to cybercrime, they may not report it to the appropriate authorities because of privacy and reputational concerns, Froggett says UHNWs become “low-risk, high-reward targets for attackers”.

Huge rewards

When it comes to targeting the wealthy, hackers are predominantly motivated by money. But, besides the potential of huge payouts, Froggett says successfully breaching the cyber defences of rich people enables hackers to “build their reputation within their criminal circles”.

Threat actors can also use cyber-attacks as a means to steal sensitive business and personal data for the purpose of espionage, blackmail and inflicting reputational harm, says Kevin Barrett, managing director of private and commercial banking at British private bank Arbuthnot Latham. This data is often used as part of “longer-term schemes and large-scale frauds,” he adds.

With most state-of-the-art real estate boasting the latest smart home technologies, Barrett says hacking can also allow criminals to bypass physical security measures to get into the homes and offices of the rich. Whether physical or virtual, he tells Luxury London that these attacks can “severely impact both personal lives and business interests”.

Advanced tactics

Finding the right target and lowering their guard has never been easier, either. With so much information readily available online and in the media, Froggett says hackers can build a detailed picture of victims’ lives for use in tailored hacking campaigns.

Many of these attacks convince rich people to part ways with their money and personal information through methods like ‘spear phishing’. Marc Rivero, a lead security researcher at cybersecurity firm Kaspersky, notes how a cyber crook might send an email that looks like it’s from a victim’s financial advisor or bank – a tactic likely to reel in a time-poor UHNW individual used to merely glancing at their emails.

Advancements in artificial intelligence technology also mean hackers can now generate deep fakes – synthetic video and audio clips of trusted advisors and colleagues – to con rich people over voice and video calls, rather than just email.

Chris Pierson, CEO of digital executive protection service BlackCloak, says this fast-growing attack vector is impersonating executives, fooling personal assistants and tricking wealthy people into authorising wire transfers. He adds: “We expect to see more hyper-personalised phishing attacks generated using generative AI, and an increase in attacks on digital assets like cryptocurrencies, NFTs, and alternative investments."

And even if wealthy people implement basic digital security practices, like multi-factor authentication, their precious data and funds aren’t necessarily safe from hackers. Truman Kain, senior researcher at cybersecurity platform Huntress, explains how cyber criminals can use a tactic known as SIM swapping to defraud mobile phone operators into transferring victims’ numbers onto their own SIM cards for accessing multi-factor authentication codes and taking over accounts.

Insider threats are also common in the world of the rich and successful. Truman explains that criminal gangs and unscrupulous nation states may bribe or extort household and family office staff into sharing access to sensitive information, accounts and physical premises. This sentiment is echoed by Froggett, who says many attacks targeting rich people begin with “busy executives or personal assistants as entry points”.

Mitigating the risks

Staying ahead of hackers requires wealthy people to develop basic cyber hygiene best practices, at the very minimum. According to Spencer Summons – a cybersecurity leader who works with high-net-worth individuals and corporations – these should include understanding common threats like phishing, being cautious when sharing information online and encouraging family members to do the same.

He also recommends setting strong and unique passwords, storing them in a password manager app, implementing multi-factor authentication, regularly updating the software of all devices and apps, and backing up personal and corporate data.

Like Summons, Froggett recommends that wealthy people implement software updates on a regular basis. Rebooting devices frequently is paramount, too, but these things needn’t be time-consuming, as most modern operating systems and platforms provide automated updates. He adds: “Reboot weekly to apply updates and disrupt malicious activity.”

As well as updating software, Froggett encourages the wealthy to secure their devices using biometrics, PIN codes or passwords to prevent unauthorised access. Social media accounts should also be secured while he also advises using tablets rather than consumer-grade PCs because they sport smaller attack surfaces.

Other simple recommendations from Froggett include the use and safe storage of account recovery options from vendors like Google and Microsoft, verification of all incoming communications and caution when sharing data with third parties.

Froggett adds that the best way to secure critical data is to create a backup located on a separate server from the day-to-day business. Breach simulations can also help rich people see how a potential attack would unfold so that they can improve their cybersecurity posture accordingly, he says.

Nivedita Murthy, senior security consultant at application security firm Black Duck, stresses the importance of verifying the credibility of apps before installing and using them. This is because many apps, even those available through credible app marketplaces like the Google Play Store, contain information-stealing malware. She also recommends using a secure network at home and in public spaces.

Considering the extensive range of existing and emerging online security risks, Kain thinks wealthy people are best protected by opting for a layered cybersecurity approach. He explains: “That means strong authentication, staff training, secure communication practices, and trusted professionals a phone call away.”

Recovering from an attack

In the event of a cyber-attack or data breach, Summons says it’s vital to report the incident to internal IT and security teams, create new passwords, check online accounts for unusual activity, use an antivirus solution to scan and remove malware from devices and access expert advice from organisations like the National Cyber Security Centre.

Peter Connolly, founder and CEO of security firm Toro Solutions, emphasises the vital role incident response plans play in helping people recover from a cyber-attack. Such plans should detail ways to contain attacks, notify affected stakeholders of incidents and preserve evidence for subsequent investigations.

“Transparency can help maintain trust during a crisis and ensures that everyone is aware of the situation,” he adds. “Additionally, family offices should check their cyber insurance policies to ensure they have adequate coverage for the breach and can recover financially.”

Whether they like it or not, investing in a strong cybersecurity strategy should be a core focus of the day-to-day activities of wealthy people and family offices. Without this, they – and their money – are greatly exposed to all sorts of nefarious actors, from cyber criminals to insider traders. Even the most basic cyber protections, like the use of strong passwords and implementing multi-factor authentication, can make a big difference. But what's clear is that a comprehensive, multi-faceted cyber strategy and incident response plan will offer the strongest protection against the latest hacking techniques.

Read more: The security complexities of superyachts for modern families