Cybercrime is a booming business, and it has devastating consequences. Nearly one in three Americans has been the victim of online financial fraud or cybercrime, according to a 2023 Ipsos survey, with nearly $12.5 billion in losses reported to the FBI’s Internet Crime Complaint Center (IC3) last year alone.
Globally, Cybersecurity Ventures expects cybercrime damages to total $9.5 trillion this year—translating to about $16.4 billion a day.
While no one is immune to cybercrime in today’s digital age, high-net-worth individuals (HNWIs) and families are especially susceptible to online attacks, as hackers often see them as lucrative targets.
“With high-net-worth and ultra-high-net-worth (UHNW) clients, the transactions are typically higher value, so the risk is greater,” says Tara Ambrose, senior manager of Client Risk Prevention at RBC Wealth Management–U.S. “In addition, many high-net-worth families have a public presence, which makes them even more of a target.”
Their businesses are also at risk. Nearly a quarter of family offices in North America have experienced a cyberattack in the past two years, according to the 2023 North America Family Office Report by RBC and Campden Wealth. As such, cybersecurity is the biggest concern for family offices, with 61 percent listing it as their top worry—above any other operational risk.
To protect both assets and reputation, high-net-worth individuals should become familiar with common cyber threats and risk prevention strategies, as well as take steps to enhance their cybersecurity.
Cybercrime tools are becoming more sophisticated
Hackers are getting stronger, ramping up the volume of cyberattacks and using increasingly advanced tactics to evade detection and maximize impact. Evolving technology provides even more opportunities for deception, making the discrepancies between real and fake content or connections harder to detect.
“While high-net-worth individuals are becoming savvier about cybersecurity, technology is also morphing faster than many people can keep up with,” says Bill Ringham, director of Private Wealth Strategies at RBC Wealth Management–U.S. “A cybercriminal is no longer someone sitting in a cyber café trying to get access to your home internet. Today, the more sophisticated operations are run by organized crime groups.”
These groups are using advanced techniques and tools to attack wealthy people, their families and family offices. When successful, the crimes can result not only in financial loss but also reputational damage.
Common cyberattack strategies
Cybercrime might start—or finish—online, but it rarely takes place completely in cyberspace.
“A lot of cybercrime is still dependent on human interaction,” Ambrose says. “The biggest losses I’ve seen have happened when clients or their family members or employees have been deceived by a fraudster. The human element is still crucial for cybercriminals to be successful, as they usually try to convince a person to provide them with a code or password, or move money for them, rather than breaking into a system.”
Some of the most common cybercrime tactics include:
- Phishing: Fake emails or text messages that attempt to trick individuals into clicking a fraudulent link, downloading an infected file or revealing sensitive information such as login credentials, financial details or personal data.
- Ransomware: A type of malicious software (often malware) that locks and encrypts a victim’s data, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
- Data breaches: Sensitive, confidential or otherwise protected data is accessed or disclosed in an unauthorized fashion.
- Man-in-the-middle (MITM) attacks: The attacker inserts themselves in the middle of a data transaction or online communication, either to steal information or to impersonate one or both of the parties, while making it appear as if a normal exchange is underway.
- Deepfakes: A growing danger due to the rise of artificial intelligence (AI), cybercriminals use AI to create highly believable audio or video content that portrays people and events that are not real or did not actually happen but appear to be authentic. Deepfake technology is often used to spread false information that could harm a person’s or company’s reputation, or to impersonate public figures to gain illegitimate access to their money and information.
How to protect yourself—and your family—from cybercrime
As cybersecurity threats continue to evolve, it’s crucial for high-net-worth individuals to take proactive steps to protect their safety, privacy and legacy.
Consider these practical tips to increase online security and defend yourself, your family and your assets against cybercriminals:
Make a plan
“Scammers rely on heightened emotion, and they try to create panic to make victims act before they have time to think,” Ambrose says.
High-net-worth families and family offices should have policies and procedures in place for how to detect and respond to cyberattacks. With a strategy in place, you can be prepared to respond immediately if an attack occurs.
For example, a plan could include a family password or secret question that must be provided before any money is wired or transferred. This can prevent a criminal from successfully stealing funds by impersonating a family member.
Set ground rules for social media
Social media is a huge vulnerability, so be careful not only about what information you post online, but also what can be seen in the background of photos. HNWIs and their family members should use strict privacy settings and require new followers to be approved. Using a pseudonym or burner identity is also a good idea.
Enable multifactor authentication
Passwords that are easy to guess or used across multiple accounts put you at increased risk for cybercrime. “People don’t change their passwords often enough or use secure passwords,” Ringham says. Using a password phrase, such as a sentence, can boost security, and a secure password manager can help keep track of all your passwords.
For an added layer of protection, you can elect to require multiple forms of verification to access accounts, such as a one-time passcode sent to your phone when you log in. However, be cautious of any requests to provide a one-time passcode that you did not initiate.
Limit access to sensitive information
Rather than allowing broad access to financial and other private information, make it available only to those who need it. Don’t forget to regularly review permissions for authorized individuals.
Criminals can use AI to mimic the email address or voice of someone you trust, so before providing sensitive information—such as account numbers, passwords or codes—to anyone, Ambrose recommends verifying their identity either in person or with a phone call to a trusted number.
“Scammers have even impersonated financial advisors,” she says. “Always take time to confirm the requester’s identity — even if the situation seems dire.”
Engage cybersecurity specialists
Some families hire private security companies with expertise in securing high-net-worth individuals’ digital presence. These partners can conduct risk assessments and penetration testing, as well as monitor threats. They can also provide valuable cybersecurity education and training to family members and staff.
Take extra precautions when traveling
Travel is inherently risky, as criminals target public wireless networks in luxury hotels and airports to gather sensitive data. Before your trip, make sure your electronic data is backed up and protected against viruses and ransomware. Then while you’re away, turn off auto-connect and location-sharing features on your devices, and if you must use public Wi-Fi, always use a virtual private network (VPN) and secure communication channels.
Ultimately, cybercrime prevention and preparedness are critical, and understanding the various ways in which you and your family may be a target is an important step in protecting yourself and your assets.