The tragic killing of UnitedHealthCare CEO Brian Thompson has heightened concerns about digital security among high-net-worth families. Andrew Cohen explores how this incident is prompting family offices to rethink their cybersecurity strategies, from limiting online exposure to investing in cutting-edge protective measures. Firms like Hush and Summitas are helping families safeguard sensitive information, while AI-driven defenses are becoming an essential tool in the fight against cyber threats.
In our second story, Marcus Baram reports on the continued rise of single-family offices in Singapore, which have now reached 2,000. Favorable tax policies and Singapore’s status as a financial hub are attracting more investors, reinforcing its position as a key wealth management center in Asia.
On a different note, I had the privilege of attending an inspiring event last week in New Orleans, where the PVBLIC Foundation and Big Brothers Big Sisters of America convened leaders to highlight the power of public-private partnerships in driving meaningful change.
The evening’s Painting Bridges Art Auction and Order of St. Lazarus Auction beautifully showcased how art, education and technology can create lasting social impact and foster sustainable development.
We always appreciate your thoughts, feedback and ideas to make this newsletter even more valuable. I look forward to continuing to grow this family office community together. Feel free to reach out at [email protected].
Fred Gabriel, Executive Editor
HANDPICKED: Cybersecurity poses real consequences for family offices
By ANDREW COHEN
The December killing of UnitedHealthCare CEO Brian Thompson has heightened concerns among high-net-worth families about the risks posed by their digital footprints, prompting many family offices to rethink their cybersecurity strategies.
Thompson was shot Dec. 4 outside the Hilton hotel in Midtown Manhattan, where he was scheduled to attend UnitedHealth’s investors meeting — an event publicly detailed in company announcements. While authorities have not directly linked his killing to a cybersecurity breach, the incident has underscored how publicly available information, from corporate filings to social media activity, can expose executives and wealthy individuals to security threats.
In response, family offices are increasingly investing in cybersecurity solutions to safeguard sensitive personal and financial data, reduce online exposure and mitigate risks that could lead to impersonation, fraud or even physical harm.
“The New York incident has made families rethink their privacy and what that really means,” said Bobby Stover, EY Americas family enterprise and family office leader. “I don’t want to be locked so much I can’t do things, but what risk does my digital footprint present to me?”
One of the tech providers at the forefront of protecting the online presence of high-net-worth individuals and their families is Hush, whose sign-ups among single- and multi-family offices have accelerated since Thompson’s killing. Hush’s platform scans the internet and a user’s social profiles to alert them when personal, identifiable information is shown online and then removes those vulnerable or reputation-damaging posts.
For example, a younger member of a family attends a party where “either they take photos of the event or someone else at the party does,” said Mykolas Rambus, a co-founder and CEO of Hush. “Maybe it's a compromising photograph, maybe it has information in the background about an address. Maybe it’s telling someone who shouldn't know that they’re getting ready to leave for vacation for a month in Mallorca. That’s when we flag it and say this is a problematic post, here’s why.
Rambus, who previously was an executive at Forbes Media and CEO of the wealth data firm Wealth-X, recommends that Hush’s affluent clients stay off social media entirely. “We often say the risk of someone being impersonated, the risk of the video they posted being used by someone to pull off a virtual kidnapping, the risk of someone impinging their reputation are substantial on these platforms,” he said. “And the recourse process is only getting more difficult.”
EY has devoted $300 million to building its cybersecurity practice, which serves family offices as well as major financial institutions and companies. For larger family offices, Stover said, families will look to hire a chief risk officer and chief information security officer to lead their internal cybersecurity, while smaller family offices will rely on outsourcing to boutique cybersecurity firms.
One of those firms is Summitas, whose encrypted engagement platform is used by family offices and their advisers to securely share documents related to trusts, wills and tax returns as well as family calendars, vacation plans, financial information and the delegation of tasks. Summitas is SOC 2-compliant, ensuring that it meets the latest cybersecurity standards developed by the American Institute of Certified Public Accountants.
Addressing third-party risk
Performing an overview of all the third-party vendors used by a family office is a critical initial step in cybersecurity planning.
“There’s been a huge uptick in third-party vendors having cybersecurity incidents and then reporting them back to the data owner,” said Annmarie Giblin, a partner in the global cybersecurity and privacy group at the law firm Norton Rose Fulbright.
An example of third-party cybersecurity exposure that can result in vulnerability to burglaries can occur when family offices work with an architect to renovate a home.
“Sadly, it happens where you’ll have an architect who will be involved in renovations; they’ll file a permit with the city or county,” Rambus said. “And the family has gone through great lengths to make sure their properties are held in trusts and obfuscated — and then come to find out it's now public record because the architect forgot to take the family’s name off the filing with the address. Can’t tell you how often that happens.”
Risclarity, a data operations platform for family offices, encourages centralized IT departments to be responsible for routinely updating the software on devices used by family office staff.
“We’ll see family offices on really old versions of general ledgers or really old versions of a software that the vendor no longer supports,” said Mark Wickersham, senior vice president of strategic marketing and business development for Risclarity. “There’s a big risk involved with that because those platforms are no longer being patched.”
AI to fight cybercrime
Risclarity has used NINJIO to share bite-sized cybersecurity training videos with staff and clients. Educational programming to learn how to detect phishing and social-engineering attempts has been deployed at the multi-family office Cresset, but the firm more recently has also developed artificial intelligence to fight cyberattacks.
“We now have some defensive tools that use AI, machine learning and other techniques to identify threats and filter them out of our incoming email and other channels to make sure they never even reach our users,” said Cresset’s chief technology officer, Paul Algreen. “In cybersecurity circles, the human is always the weakest link, they are easiest to fool. Computers are hard to fool because they’re built on programs.”
AI represents a double-edged sword of cyber defense and cyberthreats. Firms such as Cresset and EY have established policies to prevent client data from being shared with third-party AI services such as ChatGPT and instead have developed their own internal generative AI platforms that are monitored by their own IT departments.
“Just because it’s the latest and greatest, doesn't mean you have to put AI into your family office or into your home,” said Giblin, the cybersecurity lawyer. People don’t understand that if you enter information into the public version of a generative technology, that becomes part of its large language models. So if someone gives the right prompts, asks, ‘I want to know where so-and-so lives,’ that might spit it back out because I’ve already entered that information to send a benign email because I didn’t feel like writing it.”
Why Singapore has become such a family office hub
By MARCUS BARAM
More than $5.8 trillion is set to shift between generations in the Asia-Pacific region, fueling an unprecedented surge in family offices.
The number of single-family offices in Hong Kong and Singapore has quadrupled since 2020 to about 4,000 in both jurisdictions, with each managing about $1.3 trillion in offshore assets — second in the world only to Switzerland.
In recent years, both cities have been locked in fierce competition to attract family offices from around the world, offering generous tax incentives and other benefits. So far, Singapore has emerged as the leading destination, with more than 59% of family offices in Asia located in the city-state.
While Hong Kong gained 50 family offices in 2023, Singapore expanded at a much faster rate, from 400 in 2020 to 1,400 in 2023 and then to 2,000 in 2024 — a 43% increase in just the past year, according to the Monetary Authority of Singapore.
Singapore remains a top wealth management hub, even as high costs and tighter regulations pose challenges. However, rapid growth has brought increased scrutiny.
Last year, six single-family offices were linked to a money-laundering scheme, prompting authorities to slow the approval process for tax incentives. At the start of this year, Singapore’s monetary authority said the process would be streamlined. In addition, the city-state introduced a new suite of tax incentives aimed at encouraging local hiring and philanthropic giving.
Some local family offices have made headlines for their investments in Singapore’s deep tech startup scene. Canaan Ventures, for example, is backing early-stage companies in medtech and sensor technology. To further attract tech founders, the government has committed $332 million to build a dedicated facility for such startups.
Most of the family offices flocking to Singapore come from the region — especially mainland China, India and Indonesia — but the monetary authority expects increased wealth flows from Europe and North America.
Manish Tibrewal founded the Singapore-based multifamily office Farro Capital in 2022 with largely Indian clients. Now he is targeting families worldwide, including in the United Kingdom and the United States.
“Singapore offers stability, access to fast-growing Asian markets and a robust financial ecosystem,” he said.
Global investors seeking diversification increasingly view the region as a haven alongside Europe and North America.
Though single-family offices are not required to be licensed in the city-state, since they do not serve third-party clients, the monetary authority plans to require them to register with regulators and comply with certain money-laundering controls.
Establishing a family office in Singapore involves meeting several minimum requirements to qualify for tax benefits: holding at least $20 million in assets under management, employing at least one nonfamily-member investment professional, maintaining a bank account with a Singapore-based institution and spending at least $200,000 locally.
Farro aims to add at least 50 more families to its office in the next two years, Tibrewal said. “We’re optimistic.”
LOOSE CHANGE
Pension fund execs hope private equity spigot reopens: The sector was soundly trounced by the Magnificent Seven in 2024, leading to lower distributions of profits, according to data from Pensions & Investments' annual survey.
Apollo wealth business raked in record capital: A plan by Apollo Global Management to tap the wallets of rich clients is paying off, with its wealth business bringing in record capital last year and boosting assets from the sector 50%.
Dubai adds $100 million mansions to lure ultra-rich: Developers are building the ostentatious mansions and penthouses — some fitted with cinemas, spas and private elevators — to court millionaires from around the world.