Twenty-eight percent of international families, family offices and family businesses have been targets of cyberattacks in the past, according to a new study from Campden Wealth and Schillings.

Of those that have suffered an attack, 77% said they had been subject to phishing, a form of social engineering attack that targets a specific individual as a way into the family.

The study also found that although 98% of participants said reputation was important to their family’s success, 38% did not have a cybersecurity plan in place.

“There is a fine line between complacency and confidence,” Schillings’ chief executive and partner Rod Christie-Miller said in a statement. “The link between private and confidential information being stolen, and the impact this can have on reputation, is not being made.”

Recent research showed that inadvertent breaches prompted by internal users accounted for 61% of cyberattack incidents.

Cybercriminals regularly make use of publicly available information to improve their success rate, yet the study revealed that 51% of respondents had never audited, or did not know whether they had audited, their publicly available information.

Christie-Miller noted that attacks can result in blackmail, extortion and smear campaigns.

In fact, cyberattacks can be worse — much worse.

Quantitative data analyzed in the report came from an online survey of 121 individuals in Europe, North America, Asia/Pacific and the Middle East, South America and Africa. A big majority of research participants represented single family offices and family businesses, with the average estimated level of family wealth at $1.1 billion.

Eleven qualitative interviews provided context and clarification of the key findings that emerged from the analysis.

Regional Differences

The study uncovered stark regional differences in attitudes to cybersecurity and levels of preparedness.

Forty-one percent of North America families in the study reported attacks, followed by a 32% attack rate in Europe, 15% in Asia/Pacific, and 14% in emerging markets. Interestingly, 20% of Asia/Pacific families were unsure whether they had suffered a cyberattack.

Just 26% of Asia/Pacific families said they had a cybersecurity plan in place, compared with 66% of Europe families, the best-prepared region.

Some six in 10 North American families cited social media as driving the importance of reputation, compared with 20% in Asia/Pacific and 14% in Europe.

Meanwhile, European families were likelier to emphasize increased transparency and disclosure requirements, or previous encounters with business-related reputation issues.

Christie-Miller said cybersecurity could not simply be relegated to the IT department.

“With only a third of respondents undertaking internal cybersecurity awareness training, and with phishing the most cited cause of cyberattack, families need to invest further in their human firewalls, alongside their technical firewalls, while taking a greater interest in their publicly available data before someone else does.”

New guidelines indicate that highly complex passwords are unnecessary.