Key Findings

1. Reactionary mindset highlights complacent risk management culture at family offices

Awareness has improved since our 2020 report in terms of the proportion of family offices underestimating risks declining from 42% to 30% today. However, the percentage of family offices reporting a “reactionary rather than preventative approach” has increased from about one in four to one in three. Furthermore, nearly one-third cite a lack of family concern/awareness of risks as a key challenge. This reflects wider deficiencies in the risk management culture that need to be addressed.

2. Family offices continue to lack robust insider threat programs

Negative publicity, scandals or ethical lapses can damage the family's reputation and erode trust with stakeholders, affecting relationships and business opportunities. Family is pinpointed as the biggest potential source of reputational risk (36%). Plus, only half of family office staff participate in risk mitigation and security training. Furthermore, while four in five conduct pre-employment background checks on all staff, only 37% periodically reassess the security profile of employees. This gap between pre-employment checks and ongoing security profiling indicates low usage of intelligence, due diligence and security tools that can monitor employees and address diligence issues.

3. Family offices view technology as a risk management magic bullet

Nearly half of family offices believe that technology upgrades are the most important lever for modernizing risk programs. However, technology should not be used as a one-size-fits-all solution to fill all risk management gaps. Technology advancements can aid in a variety of risk management issues, but they should not come at the expense of investing in human capital development and process improvement.

4. Family offices still slow to strengthen cybersecurity as threats multiply

Seven in 10 family offices see a greater likelihood of a cyberattack today, with the number of North American family offices suffering recent attacks rising to 25% now, up from 17% in 2020. Despite the clear and obvious threats, only 31% have robust cyber risk capabilities and just 29% say staff training programs are sufficient. This uncovers an alarming gap between levels of cyber concern and preparedness, highlighting the need for outside firms to conduct regular cybersecurity audits and potentially simulate attacks to better prepare for actual cyber-criminal behavior.

5. Staff shortages are creating holes in risk management defenses

Three in 10 family offices are short staffed in critical areas such as IT/cybersecurity, general risk management and investment management. This is an ingrained issue, with key person risk seen as the biggest staff risk and attracting and retaining talent also considered a major risk, illustrating this perennial problem in the family office space. Family offices should view human capital as a critical component of their “quality of life balance sheet” spanning family members, staff and even portfolio companies. The blind spots around actively managing human capital expose family offices to other risks including tax and investment. 

6. Insurance gaps expose family offices to potential big losses, as coverage varies regionally

Our data indicates that cyber insurance is held by nearly half of North American family offices, compared to just over a third in other regions. Such thin coverage potentially exposes offices to huge losses should an attack materialize and underlines the need for development of cyber insurance coverage outside North America. Paradoxically, family offices rely on insurance as their first line of defense in the event of a cyberattack. This disconnect underlines the need for more frequent interactions with trusted partners, including insurance firms and legal advisors. Gaps also exist in other insurance realms, with 60% saying family members serving as trustees lack trustee insurance.

7. European family offices are less confident about quality of and access to health care

While most agree that primary care physicians understand their needs and goals, only a third of European family offices receive support from their primary care doctor while travelling. Also, European family offices display heightened concern over accessing health care services when needed. Every minute counts in emergency situations, and prompt access can be a matter of life and death. However, it's not just about the immediacy of care—it's also about ensuring patients receive the right care from the appropriate medical providers.

8. Outsourcing aviation operations potentially creates risks

Two-thirds (65%) of family offices operating private aircraft prefer to outsource key functions to specialized aviation professionals. Additionally, only 32% have an emergency response plan to manage aviation crises—an essential component when protecting family privacy and coordinating with different government agencies.

9. Geopolitical instability is rising but remains a largely unmitigated risk

More than half (55%) are concerned about geopolitical instability as conflicts play out across the world. Despite being one of the top risk management concerns, only 17% have clear plans and processes to protect against these wide-ranging and potentially impactful unknowns.

10. Reliance on subpar external support could leave family offices exposed

The small proportion of external advisors proactively flagging key risks suggests support in some areas is lacking or superficial. However, advisors are not being helped by internal parties responsible for obtaining legal and risk advice who may be in over their heads. Only half (55%) say internal teams know the right questions to ask advisors about managing and mitigating risks.