View all Services

What's Trending

Managed Portfolio Strategies at J.P. Morgan
Private Banking Services
View all Insights

What's Trending

2024 Mid-Year Outlook
A severe case of COVIDIA: prognosis for an AI-driven US equity market
View More ABOUT US

What's Trending

Euromoney names J.P. Morgan “World’s Best Private Bank"
J.P. Morgan Private Bank is named 2024’s “World’s Best Private Bank” for the fifth year in a row

locate an office

View All Offices

offices near you

office near you

Cybersecurity

Cybercriminals think you’re an easy target. Prove them wrong

No one likes to manage dozens or even hundreds of ever-changing passwords. No surprise, then, that one frustrated private equity chief operating officer (COO) simply refused. Instead, he used a single password for most of his accounts, both personal and professional.

What happened next should come as no surprise, either: In a hack unrelated to his work, cybercriminals captured his password. Then they used that password to breach the COO’s personal email, work email and eventually his entire company.

Cue ransomware attack. The firm’s environment was shut down, and employees were unable to work for weeks. Not to mention the financial and reputational costs. Accepting a small personal inconvenience upfront could have prevented the breach and its ripple effects.

Preventing cyberattacks goes beyond implementing appropriate security technology. Your business, including your people and your processes, may be vulnerable as well. Often, cybercriminals are looking for footholds in your devices, where they can sit quietly, gather information and learn how you operate before launching a larger attack.

Many families with significant wealth, businesses and family offices find themselves largely unprepared.

A sophisticated crime landscape

Cyberattacks, automated bots, AI deepfakes, supply chain software vulnerabilities, ransomware—today’s cybercrime landscape is much more sophisticated than it was just a few years ago. This is true for businesses of all sizes, not just the large organizations whose cyberbreaches make the news.

In fact, 75% of cyberattacks target small and medium businesses.1 That’s partly because they lack the robust defenses of larger organizations, and partly because many business owners mistakenly believe being in the cloud ensures security. Once a cybercriminal gains access to an organization, they’ll attempt to move laterally in an effort to extract valuable data and generally wreak havoc.

Finding an easy target

High-net-worth individuals and families, investment offices, family offices and private businesses are particularly attractive targets for cybercriminals due to their perceived wealth, significant resources and extensive digital footprints. In our 2024 Global Family Office Report, 24% of family office respondents said they had been victims of cyberattacks. Of family offices with more than USD 1 billion in assets, 40% said they had suffered a breach.

Yet our research finds family offices are largely unprepared. Only 39% require staff to undergo cybersafety training, and only 34% have hired a cyberdefense provider.2 Nearly a quarter—23%—have no cyber protections in place.

Like other crooks/thieves/burglars, cybercriminals look for the weak link. Often, that’s people. Hackers use social engineering in all its forms—email and text phishing, QR code manipulation and voice manipulation—to seize information that would otherwise be protected. Maintain a skeptical mindset toward any request for money or information about your organization, and verify any request via another channel.

Making sure AI works for—not against—you

While artificial intelligence (AI) can provide efficient productivity gains, it can also present security risks.

AI platforms and tools can retain everything you input. This makes it crucial to implement guardrails that will safeguard business data and personal data. If you’re utilizing a public AI tool to read and review resumes and not using an enterprise license, every piece of that data read—names, addresses and other potential proprietary informationare being ingested into a Large Language Model (LLM) platform that you do not control.

To be cybersafe with AI:

  • Use a separate email dedicated for use just with the AI tool. If you are using a public tool, don’t use the same email for the tool that you use with your bank, or for other sensitive information.
  • Ensure that all requests are verified via two channels of communication, such as video, calls and/or text messages. If AI is used to create a persuasive deepfake, it can potentially deceive someone into providing sensitive information or authorizing a transaction.
  • It’s particularly important to examine payment processes and protocols to understand if they could withstand an AI-powered social engineering attack. Be proactive and vigilant as AI tools quickly mature and are introduced in the workplace. Even junior staff should be empowered to question a sensitive request and validate via an alternate form of communication.

Assessing and enhancing cyber readiness

There’s no foolproof way to protect your business from cybercriminals. But there are steps every business owner, high-net-worth individual and family office can take to mitigate risk, and to limit damage should a breach occur.

  • Engage the professionals

    If you’re not a cybersecurity expert, don’t try to navigate the complex cyber landscape on your own. Instead, engage experts and trusted professionals to evaluate and establish cybersecurity controls across your organization’s people, processes and technology. Even if you’ve engaged professionals in the past, maintenance is important to ensure that your defenses stay robust and up-to-date.
  • Do a cyber assessment

    Consider starting with a comprehensive cyber assessment by a reputable firm. An assessment will highlight specific vulnerabilities, allowing you to prioritize the most important ones and address them effectively.

    A thorough assessment identifies potential weaknesses through network testing, physical access checks and social engineering evaluations.
  • Train staff and family

    Educate your staff on potential vulnerabilities, such as phishing (emails, texts, QR codes and phone calls), fraudulent payment requests and other methods cybercriminals use to gain access to information or money. A culture of vigilance will reduce the risk of compromise.

    Family members need to be educated as well. If a family member is old enough to have a social media account, they’re old enough to be educated on its use. Teens, in particular, need to be coached not to share in a way that reveals too much about the family’s activities and location. It’s exciting that the family went on a great trip, but tell the world about it once you’re home.
  • Multi-factor authentication (MFA)

    Multi-factor authentication is a small inconvenience, but it’s much less trouble than a ransomware or extortion attack. It is also one of the strongest layers of defense available to individuals and to businesses. Use it wherever possible, both personally and professionally, and especially to protect critical data and remote log-ins. Bonus points: The use of MFA may even reduce your cyber insurance rates.
  • Control access

    Adopt a “need to know” access policy throughout your organization so that only the people, applications and tools that absolutely need specific information have access to it.

    Access policies aren’t about trustingor distrustingemployees. They’re about limiting damage in the event someone breaks into your systems by using an employee’s credentialsin essence, by impersonating them.

Given the rapidly changing landscape of cyberthreats and their increasing severity, it’s far better to invest a modest amount in an assessment and prevention than to pay an exorbitant amount—in cash, reputation and headaches—in a ransomware or extortion attack that could have been avoided.

We can help

Protecting your assets and your information is our priority. J.P. Morgan is committed to providing safe, resilient services to our clients and partners within an ever-evolving threat landscape. For more information and resources to better secure yourself, your family and your business, please contact your J.P. Morgan team.

1The 2024 Sophos Threat Report (https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report).

22024 Global Family Office Report, J.P. Morgan Private Bank, April 2024.

TAGS

Share

Cybersecurity requires a comprehensive approach
Published Sep 17, 2024

In this article

you may also like

EXPERIENCE THE FULL POSSIBILITY OF YOUR WEALTH

We can help you navigate a complex financial landscape. Reach out today to learn how.

Contact us

Family Offices

1 minute read

The Importance of Cybersecurity for the Family Office

Trending Insights

Important Information

All case studies are shown for illustrative purposes only, and are hypothetical. Any name referenced is fictional, and is not representative of individual client experiences. Information is not a guarantee of future results or success.

Key Risks

This material is for informational purposes only, and may inform you of certain products and services offered by private banking businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at accessibility.support@jpmorgan.com for assistance. Please read all Important Information.

General Risks & Considerations

Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g., equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan team.

Non-Reliance

Certain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/ reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.

Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.

IMPORTANT INFORMATION ABOUT YOUR INVESTMENTS AND POTENTIAL CONFLICTS OF INTEREST

Conflicts of interest will arise whenever JPMorgan Chase Bank, N.A. or any of its affiliates (together, “J.P. Morgan”) have an actual or perceived economic or other incentive in its management of our clients’ portfolios to act in a way that benefits J.P. Morgan. Conflicts will result, for example (to the extent the following activities are permitted in your account): (1) when J.P. Morgan invests in an investment product, such as a mutual fund, structured product, separately managed account or hedge fund issued or managed by JPMorgan Chase Bank, N.A. or an affiliate, such as J.P. Morgan Investment Management Inc.; (2) when a J.P. Morgan entity obtains services, including trade execution and trade clearing, from an affiliate; (3) when J.P. Morgan receives payment as a result of purchasing an investment product for a client’s account; or (4) when J.P. Morgan receives payment for providing services (including shareholder servicing, recordkeeping or custody) with respect to investment products purchased for a client’s portfolio. Other conflicts will result because of relationships that J.P. Morgan has with other clients or when J.P. Morgan acts for its own account.

Investment strategies are selected from both J.P. Morgan and third-party asset managers and are subject to a review process by our manager research teams. From this pool of strategies, our portfolio construction teams select those strategies we believe fit our asset allocation goals and forward-looking views in order to meet the portfolio’s investment objective.

As a general matter, we prefer J.P. Morgan managed strategies. We expect the proportion of J.P. Morgan managed strategies will be high (in fact, up to 100 percent) in strategies such as, for example, cash and high-quality fixed income, subject to applicable law and any account-specific considerations.

While our internally managed strategies generally align well with our forward-looking views, and we are familiar with the investment processes as well as the risk and compliance philosophy of the firm, it is important to note that J.P. Morgan receives more overall fees when internally managed strategies are included. We offer the option of choosing to exclude J.P. Morgan managed strategies (other than cash and liquidity products) in certain portfolios.

The Six Circles Funds are U.S.-registered mutual funds managed by J.P. Morgan and sub-advised by third parties. Although considered internally managed strategies, JPMC does not retain a fee for fund management or other fund services.

Legal Entity, Brand & Regulatory Information

In the United States, bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.

JPMorgan Chase Bank, N.A. and its affiliates (collectively “JPMCB”) offer investment products, which may include bank-managed investment accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC (“JPMS”), a member of FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. JPMCB, JPMS and CIA are affiliated companies under the common control of JPM. Products not available in all states.

In Germany, this material is issued by J.P. Morgan SE, with its registered office at Taunustor 1 (TaunusTurm), 60310 Frankfurt am Main, Germany, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB). In Luxembourg, this material is issued by J.P. Morgan SE—Luxembourg Branch, with registered office at European Bank and Business Centre, 6 route de Treves, L-2633, Senningerberg, Luxembourg, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Luxembourg Branch is also supervised by the Commission de Surveillance du Secteur Financier (CSSF); registered under R.C.S Luxembourg B255938. In the United Kingdom, this material is issued by J.P. Morgan SE—London Branch, registered office at 25 Bank Street, Canary Wharf, London E14 5JP, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—London Branch is also supervised by the Financial Conduct Authority and Prudential Regulation Authority. In Spain, this material is distributed by J.P. Morgan SE, Sucursal en España, with registered office at Paseo de la Castellana, 31, 28046 Madrid, Spain, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE, Sucursal en España is also supervised by the Spanish Securities Market Commission (CNMV); registered with Bank of Spain as a branch of J.P. Morgan SE under code 1567. In Italy, this material is distributed by J.P. Morgan SE—Milan Branch, with its registered office at Via Cordusio, n.3, Milan 20123, Italy, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Milan Branch is also supervised by Bank of Italy and the Commissione Nazionale per le Società e la Borsa (CONSOB); registered with Bank of Italy as a branch of J.P. Morgan SE under code 8076; Milan Chamber of Commerce Registered Number: REA MI 2536325. In the Netherlands, this material is distributed by J.P. Morgan SE—Amsterdam Branch, with registered office at World Trade Centre, Tower B, Strawinskylaan 1135, 1077 XX, Amsterdam, The Netherlands, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Amsterdam Branch is also supervised by De Nederlandsche Bank (DNB) and the Autoriteit Financiële Markten (AFM) in the Netherlands. Registered with the Kamer van Koophandel as a branch of J.P. Morgan SE under registration number 72610220. In Denmark, this material is distributed by J.P. Morgan SE—Copenhagen Branch, filial af J.P. Morgan SE, Tyskland, with registered office at Kalvebod Brygge 39-41, 1560 København V, Denmark, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Copenhagen Branch, filial af J.P. Morgan SE, Tyskland is also supervised by Finanstilsynet (Danish FSA) and is registered with Finanstilsynet as a branch of J.P. Morgan SE under code 29010. In Sweden, this material is distributed by J.P. Morgan SE—Stockholm Bankfilial, with registered office at Hamngatan 15, Stockholm, 11147, Sweden, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Stockholm Bankfilial is also supervised by Finansinspektionen (Swedish FSA); registered with Finansinspektionen as a branch of J.P. Morgan SE. In Belgium, this material is distributed by J.P. Morgan SE—Brussels Branch with registered office at 35 Boulevard du Régent, 1000, Brussels, Belgium, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE Brussels Branch is also supervised by the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA) in Belgium; registered with the NBB under registration number 0715.622.844. In Greece, this material is distributed by J.P. Morgan SE—Athens Branch, with its registered office at 3 Haritos Street, Athens, 10675, Greece, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Athens Branch is also supervised by Bank of Greece; registered with Bank of Greece as a branch of J.P. Morgan SE under code 124; Athens Chamber of Commerce Registered Number 158683760001; VAT Number 99676577. In France, this material is distributed by J.P. Morgan SE—Paris Branch, with its registered office at 14, Place Vendôme 75001 Paris, France, authorized by the Bundesanstaltfür Finanzdienstleistungsaufsicht(BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB) under code 842 422 972; J.P. Morgan SE—Paris Branch is also supervised by the French banking authorities the Autorité de Contrôle Prudentiel et de Résolution (ACPR) and the Autorité des Marchés Financiers (AMF). In Switzerland, this material is distributed by J.P. Morgan (Suisse) SA, with registered address at rue du Rhône, 35, 1204, Geneva, Switzerland, which is authorized and supervised by the Swiss Financial Market Supervisory Authority (FINMA) as a bank and a securities dealer in Switzerland.

This communication is an advertisement for the purposes of the Markets in Financial Instruments Directive (MIFID II) and the Swiss Financial Services Act (FINSA). Investors should not subscribe for or purchase any financial instruments referred to in this advertisement except on the basis of information contained in any applicable legal documentation, which is or shall be made available in the relevant jurisdictions (as required).

In Hong Kong, this material is distributed by JPMCB, Hong Kong branch. JPMCB, Hong Kong branch is regulated by the Hong Kong Monetary Authority and the Securities and Futures Commission of Hong Kong. In Hong Kong, we will cease to use your personal data for our marketing purposes without charge if you so request. In Singapore, this material is distributed by JPMCB, Singapore branch. JPMCB, Singapore branch is regulated by the Monetary Authority of Singapore. Dealing and advisory services and discretionary investment management services are provided to you by JPMCB, Hong Kong/Singapore branch (as notified to you). Banking and custody services are provided to you by JPMCB Singapore Branch. The contents of this document have not been reviewed by any regulatory authority in Hong Kong, Singapore or any other jurisdictions. You are advised to exercise caution in relation to this document. If you are in any doubt about any of the contents of this document, you should obtain independent professional advice. For materials which constitute product advertisement under the Securities and Futures Act and the Financial Advisers Act, this advertisement has not been reviewed by the Monetary Authority of Singapore. JPMorgan Chase Bank, N.A., a national banking association chartered under the laws of the United States, and as a body corporate, its shareholder’s liability is limited.

With respect to countries in Latin America, the distribution of this material may be restricted in certain jurisdictions. We may offer and/or sell to you securities or other financial instruments which may not be registered under, and are not the subject of a public offering under, the securities or other financial regulatory laws of your home country. Such securities or instruments are offered and/or sold to you on a private basis only. Any communication by us to you regarding such securities or instruments, including without limitation the delivery of a prospectus, term sheet or other offering document, is not intended by us as an offer to sell or a solicitation of an offer to buy any securities or instruments in any jurisdiction in which such an offer or a solicitation is unlawful. Furthermore, such securities or instruments may be subject to certain regulatory and/or contractual restrictions on subsequent transfer by you, and you are solely responsible for ascertaining and complying with such restrictions. To the extent this content makes reference to a fund, the Fund may not be publicly offered in any Latin American country, without previous registration of such fund’s securities in compliance with the laws of the corresponding jurisdiction.

JPMorgan Chase Bank, N.A. (JPMCBNA) (ABN 43 074 112 011/AFS Licence No: 238367) is regulated by the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority. Material provided by JPMCBNA in Australia is to “wholesale clients” only. For the purposes of this paragraph the term “wholesale client” has the meaning given in section 761G of the Corporations Act 2001 (Cth). Please inform us if you are not a Wholesale Client now or if you cease to be a Wholesale Client at any time in the future.

JPMS is a registered foreign company (overseas) (ARBN 109293610) incorporated in Delaware, U.S.A. Under Australian financial services licensing requirements, carrying on a financial services business in Australia requires a financial service provider, such as J.P. Morgan Securities LLC (JPMS), to hold an Australian Financial Services Licence (AFSL), unless an exemption applies. JPMS is exempt from the requirement to hold an AFSL under the Corporations Act 2001 (Cth) (Act) in respect of financial services it provides to you, and is regulated by the SEC, FINRA and CFTC under U.S. laws, which differ from Australian laws. Material provided by JPMS in Australia is to “wholesale clients” only. The information provided in this material is not intended to be, and must not be, distributed or passed on, directly or indirectly, to any other class of persons in Australia. For the purposes of this paragraph the term “wholesale client” has the meaning given in section 761G of the Act. Please inform us immediately if you are not a Wholesale Client now or if you cease to be a Wholesale Client at any time in the future.

This material has not been prepared specifically for Australian investors. It:

  • May contain references to dollar amounts which are not Australian dollars;
  • May contain financial information which is not prepared in accordance with Australian law or practices;
  • May not address risks associated with investment in foreign currency denominated investments; and
  • Does not address Australian tax issues.

References to “J.P. Morgan” are to JPM, its subsidiaries and affiliates worldwide. “J.P. Morgan Private Bank” is the brand name for the private banking business conducted by JPM. This material is intended for your personal use and should not be circulated to or used by any other person, or duplicated for non-personal use, without our permission. If you have any questions or no longer wish to receive these communications, please contact your J.P. Morgan team.

©$$YEAR JPMorgan Chase & Co. All rights reserved.

LEARN MORE About Our Firm and Investment Professionals Through FINRA Brokercheck

 

To learn more about J.P. Morgan’s investment business, including our accounts, products and services, as well as our relationship with you, please review our J.P. Morgan Securities LLC Form CRS and Guide to Investment Services and Brokerage Products

 

JPMorgan Chase Bank, N.A. and its affiliates (collectively "JPMCB") offer investment products, which may include bank-managed accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC ("JPMS"), a member of FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. JPMCB, JPMS and CIA are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

 

Please read the Legal Disclaimer for key important J.P. Morgan Private Bank information in conjunction with these pages.

INVESTMENT AND INSURANCE PRODUCTS ARE: • NOT FDIC INSURED • NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY • NOT A DEPOSIT OR OTHER OBLIGATION OF, OR GUARANTEED BY, JPMORGAN CHASE BANK, N.A. OR ANY OF ITS AFFILIATES • SUBJECT TO INVESTMENT RISKS, INCLUDING POSSIBLE LOSS OF THE PRINCIPAL AMOUNT INVESTED

Bank deposit products, such as checking, savings and bank lending and related services are offered by JPMorgan Chase Bank, N.A. Member FDIC.

Not a commitment to lend. All extensions of credit are subject to credit approval.

Equal Housing Lender Icon