Buzzwords like technology and cybersecurity are used constantly — but how those terms are defined can be elusive for many family offices. Crain Currency asked Tony Gebely, CEO of Annapurna Cyber Security Advisors, to demystify cyber and share what he views as the top threats facing wealthy families this year.
Let’s start here: Can you demystify cyber? Where do families even begin?
Let’s start by defining cybersecurity. In its most simple sense, cybersecurity is a continuous process and set of practices aimed at protecting your electronic devices, networks and private information from unauthorized access, use, disclosure, disruption, modification or destruction by cybercriminals and other malicious actors — and recovering quickly and efficiently in case of an incident.
For many family offices, the complexity and ever-changing nature of cyber threats can be overwhelming and confusing, hindering their ability to effectively address cybersecurity. Many factors contribute to the challenges of comprehending and effectively managing cyber threats.
First, addressing cyber threats involves both technological aspects and human factors, processes, policies and education. This necessitates a holistic approach to ensure that all potential vulnerabilities and attack vectors are considered while crafting a robust cybersecurity strategy, which serves as a solution to these threats.
Furthermore, the landscape of threats and vulnerabilities is perpetually shifting. New vulnerabilities emerge as technologies evolve, and threat actors continuously adapt their tactics, techniques and procedures to exploit these weaknesses. This dynamic nature of cyber threats requires constant vigilance and ongoing adaptation of cybersecurity strategies to keep pace with the ever-changing threat landscape.
A practical starting point for families is to adopt a recognized cybersecurity framework such as the NIST Cybersecurity Framework or the Center for Internet Security’s Framework. These frameworks are comprehensive, providing guidelines to assess current security measures, identify improvement areas and develop strategies to enhance overall cybersecurity.
How does a family begin to forge a clear path forward? What’s cyber road-mapping?
When a family seeks to forge a clear path forward in cybersecurity, the first step is often utilizing a recognized framework as a guide. An assessment of your current state using a framework serves as a foundational step to systematically approach cyber risks and develop strategies for robust defenses.
Families have two primary options for assessments: a self-assessment or leveraging a third-party service. While self-assessments can be a starting point, they often lack the objectivity and depth that a third party can provide. Therefore, even if families start with a self-assessment, it’s generally advisable to eventually engage with a third party. These experts can offer an unbiased view of the cyber risks and are skilled at identifying vulnerabilities that might otherwise go unnoticed.
The culmination of this assessment process is what we refer to as a "cyber road map." This road map is essentially a strategic plan derived from the threat assessment. It outlines specific steps and initiatives that need to be taken to align the family’s cybersecurity posture with the standards set by the chosen framework. This might include recommendations on improving technological safeguards, enhancing security policies, updating response strategies or conducting regular training for staff.
In essence, a cyber road map translates the complex, often technical findings of a cybersecurity assessment into an actionable and understandable plan. It prioritizes the identified risks and provides a sequenced approach to addressing them, ensuring that resources are allocated effectively to bolster the overall cybersecurity of the family office.
What is something most families don’t know about cyber vulnerabilities?
A common oversight in cybersecurity within family offices is to underestimate the prevalence and impact of vulnerabilities in our devices and systems. To clarify, a vulnerability refers to a weakness in a system or device that can be exploited by cyberattackers. The remedy for such vulnerabilities often comes in the form of patches, which are software updates designed specifically to fix these weaknesses.
Both Microsoft and Apple release numerous patches each month. These patches are critical, as they address newly discovered vulnerabilities that could potentially be exploited by cybercriminals. What families and their offices often overlook is the sheer frequency and volume of these updates. Each patch released is a response to a potential threat, and the delay or omission in installing these updates can exponentially increase the risk of a cyberattack.
If a device misses several months’ worth of updates, it doesn’t just become vulnerable; it also becomes a potential gateway for cyberattackers to access broader networks. This risk isn’t confined to the device owner alone; it extends to anyone who communicates with them or shares the same network.
The critical takeaway for businesses and family enterprises is the necessity of a systematic process for updating all devices. This process should be a standard practice, overseen either by in-house IT staff or by a managed service provider.
What does 2024 look like in terms of new cyber threats?
There is an encouraging trend of increasing preparedness among family offices who are taking proactive steps to build robust cybersecurity programs. This trend is a positive development in the ongoing battle against cyber threats. However, as our defenses evolve, so do the tactics of cybercriminals.
One significant area of concern for the coming year is the rise in insider threats. These incidents involve employees or individuals with internal access who misuse their privileges to steal data, assets or sensitive information. This type of threat is particularly insidious because it comes from within an organization, often bypassing many of the traditional external defenses.
Additionally, we anticipate a persistent baseline of random cyberattacks. These are the types of threats that indiscriminately target systems and users, such as widespread phishing campaigns and opportunistic attacks that exploit vulnerabilities in unsecured systems. These kinds of threats remain a constant in the cybersecurity landscape and require ongoing vigilance.
However, more concerning is the expected increase in targeted attacks, especially in the realm of high-net-worth families and family offices. As attackers become more sophisticated and informed, we foresee a spike in spear-phishing attacks and other targeted strategies. These attackers will likely employ methods that specifically focus on a targeted family or individual, utilizing detailed reconnaissance to identify and exploit personal networks, locations and devices. This targeted approach combines technical expertise with personalized tactics, making it more challenging to detect and prevent.
What’s to come for luxury real estate in 2024
By NIKKI BEAUCHAMP
Just as the combined net worth of the 500 richest people surged by $1.5 trillion in 2023 and the S&P 500 soared, so did the luxury and ultraluxury real estate markets.
In the New York City luxury market especially, cash is always king and can be leveraged effectively as a purchaser. According to Miller Samuel, in the last quarter of 2023 in Manhattan, 67.9% of buyers paid cash for their homes, representing a 17.6% year-over-year jump. Historically, this is normally around 40% to 50%. Generally, in the luxury market, this number is above 70%. In any market environment, there is opportunity for astute purchasers, often as properties linger and days on market increase, resulting in increased negotiability for buyers.
In 2023, per the Olshan Luxury Report, 1,208 contracts were signed for properties valued above $4 million. The trophy market (properties listed above $10 million) totaled 244 signed contracts, the third-highest total in the past decade. The allure of Billionaires' Row remains significant, with six of the top 10 deals of 2023 occurring in this luxurious area, favored by wealthy international buyers with refined tastes. A review of Manhattan's top 10 sales shows a price range from $51 million for a penthouse in Tribeca to the year's highest sale at $80 million for a duplex at 220 Central Park South.
So far, 2024 is off to a roaring start — in mid-January, a penthouse at Central Park Tower, initially marketed for $175 million and last marketed at $149.5 million, is reportedly pending a sale, though the exact amount has not yet been confirmed. Recent closed property records show that a townhouse in the West Village has closed at $72.5 million.
In New York City, as the rates skyrocketed, the overall market leverage has often favored buyers — and for much of the past year and a half, this has been the case. Luxury condominiums, particularly in new developments, have been at the forefront of many significant transactions in recent years. With many of my own clients, we view the opportunity as locking in pricing for future delivery and — depending on when you are purchasing in the development cycle and from whom, and the market dynamics at the point of going into contract — your levels of negotiability and leverage can result in extraordinary purchases, whether you are an end user or purchasing for investment. With this strategy, some of my clients seized upon tremendous opportunities during and emerging from the pandemic.
The thought of nine-figure home sales may have once been unthinkable. However, several dozen nine-figure homes have traded since the pandemic, and the luxury market has continued to perform well — which is not surprising, given the stratospheric increase in wealth in recent years. The new post-pandemic reality of residing between multiple locations has broadened since the pandemic and transformed the real estate market. While commercial real estate may be struggling — as the return-to-office-versus-hybrid debate continues in global capitals such as New York, London and Dubai — those who are highly mobile and with substantial assets are leveraging the assets when an opportunity arises to acquire new properties for their portfolios or, jurisdiction permitting, to rent in the interim as they explore establishing stronger roots and purchasing additional properties.
Quarterly reports are informative but are not real-time market indicators. By the time media is reporting that a market favors buyers or sellers, the tides have almost always already turned. Your best asset is always your team of informed, trusted advisers. As it seems more likely that the Fed will start cutting rates later than expected, it is possible that a larger window of opportunity remains to acquire great assets from motivated sellers.