Multi-Family Office Cybersecurity Considerations

Articles
May 26, 2022

Multi-Family Offices (MFOs) should proactively consider new cyber security compliance laws and regulations, both here and in foreign jurisdictions, that have been enacted or soon will be. The California Consumer Privacy Act (CCPA), the New York Department of Financial Services Cybersecurity Regulation, and the European Union’s General Data Protection Regulation (GDPR) are some examples of recent changes in the cyber security regulatory environment. MFOs need to understand how these changes will impact their operations—a failure to address the issues potentially created by these regulations could negatively impact their businesses and the cyber security health of their clientele.  For example, MFOs that are public companies might be subject to new Securities and Exchange Commission (SEC) guidelines currently under review. The SEC has recently requested comment on a proposed new rule (17 CFR 229, 232, 239, 240, and 249) to “enhance and standardize” risk management, strategy, and governance around cyber disclosures. This rule is a deliberate and well-considered next step intended to inform investors about a company’s efforts to manage cyber risk, establish a strategy that protects its interests, and establish governance around providing timely notification of “material cybersecurity incidents.” It also highlights and underscores the need to have cybersecurity expertise on a company’s Board of Directors.Considering their clientele—and their hyper-mobile, hyper-connected lifestyles—MFOs should already have well-documented and transparent cyber security practices in place, specifically with regard to risk management, incident response, and governance. MFOs frequently outsource or virtualize many of their services to improve efficiency and cut costs. Because an MFO relies on maintaining its reputation and the trust of its clientele, its leadership cannot abdicate its responsibility to maintain strong cyber security—a thorough review of the virtualized service provider’s security protocols is critical. The last thing an MFO wants is to suffer a breach of personally identifiable information (PII) because of poor security provided by the third-party service, exposing the MFO to any litigation that might follow.In this developing cybersecurity and governance environment, MFOs should:

  • Consider the immediate addition of a cyber security expert to their Board of Directors;
  • Have a third-party organization conduct a holistic security assessment, including cyber security, to inform and author a Cyber Security Risk Management Strategy;
  • Begin or continue providing cyber security education and training to all of their personnel;
  • Review their existing cyber incident response plan, including disclosure procedures;
  • Review their current cyber insurance policies and make themselves aware of  any exclusions; and
  • Hire a company to assist in filling any existing gaps in talent, technology, or policies & procedures.

Red Five has provided risk management services to family offices, executives, and enterprises for the past 18 years. We remain the “go-to company” for our clients’ unique needs, bespoke projects, and subscription-based privacy and security services.

Subscribe for Cutting-Edge Security Insights!

Get the latest news, expert insights, and exclusive updates right in your inbox.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

internal threat analysis
Threat Monitoring

Best Practices for Internal Threat Teams During a Crisis

The recent violence in Israel is a stark reminder of how quickly the security environment can change—often without warning—and raises the risk for a company’s safety of personnel, facilities, and operations. The war in Ukraine continues and other threats loom, which can overwhelm your threat monitoring teams or operations center.
October 10, 2023

How Life Events Change Your Safety and Security Needs

Anytime is a good time to evaluate your family’s privacy, security and resiliency. As the landscape of your family’s lives change, so do your security needs. Evaluate, Plan, and Partner with the right professionals to ensure all your security needs are met.
May 27, 2021
Cyber Security

Evolution of Crypto & Geopolitical Risk

What are some of the geopolitical implications of the rise of crypto and blockchain technologies?
March 29, 2023

Let's discuss your security.

Partner with Red5 for unmatched intelligence and analysis expertise tailored to your needs.