Ultra High Risks and Ultra High Impact: Security for Ultra High Net Worth Individuals

Executive Summary

  • UHNWIs and their organisations face a high level of security risk, with cyber-enabled fraud among the most serious risks.

  • Advances in AI and changing working patterns are increasing the threat posed by highly targeted phishing attacks (known as ‘whaling’ attacks) for UHNWIs. 

  • UHNWIs and family offices should adopt a proactive approach to protective security, including through active defensive techniques and enhanced training. 


At Tyburn Associates, we specialise in countering threats to risk-sensitive organisations.

Our experts bring experience in government, military, and academia to bear in delivering solutions to challenging threat environments.



The threat to UHNWIs

Ultra High Net Worth Individuals (UHNWIs) face a broad and sophisticated array of threats. These individuals and their associates are high-value targets for criminals; because of their wealth and resources, a successful attack can translate into outsized financial gains. 

Cyber-enabled fraud ranks high among the threats faced by UHNWIs. A February 2025 report found that 1 in 3 high net worth individuals had been affected by financial scams over the previous 6 months [LINK]. 

This reflects a broader trend. A 2024 report from the Federal Bureau of Investigation’s Internet Crime Center stated that financial losses from online crime exceeded USD16 billion, an increase of 33% from the prior year [LINK]. In 2025, the UK’s National Crime Agency reported that online fraud accounted for 41% of all crime (not just online crime) reported in England and Wales in the year to September 2024 [LINK].

The ‘whaling’ kill chain

UHNWIs are an attractive target for ‘whaling’ attacks, a type of phishing attack in which criminals craft highly sophisticated lures to target senior, important individuals.

The level of personalisation and authenticity involved in conducting these attacks requires a considerable investment of time and money, but the potential rewards for criminals able to successfully attack a UHNWI justify this investment.

Successful whaling attacks enable account takeovers, theft, and extortion. Beyond financial loss, potential impacts include legal liability, reputational damage, and business interruption.  

The graphic below sets out the whaling ‘kill chain’ – the set of steps that an attacker will work through when conducting a whaling attack. The graphic highlights the impact on the target of each step in the chain, as well as highlighting actions that the target can take to reduce the risk.

Factors driving increased whaling threat

The threat to UHNWIs posed by whaling is increasing, driven by the growth in online fraud but also by technical and organisational changes. Below we identify three factors that contribute to the growing effectiveness of whaling as a tactic for targeting UHNWIs.

1. Digital convergence

The blurring of the lines – between the digital and real worlds, between our personal and our professional lives – is a key factor driving elevated risk for UHNWIs. 

The growing reliance on online platforms and digital services for communication, investment management, travel, and social engagement has dramatically widened the attack surface. Devices are now frequently used for both personal and work-related activities, complicating visibility and control over sensitive data and communications.

In addition, niche wealth management and lifestyle platforms, often used by UHNWIs and family offices for convenience and discretion, handle extremely sensitive financial and personal data. Precisely because these platforms are high-value, high-reward targets for threat actors, they inherently carry a heightened risk profile.

2. Expansion of family offices

The expansion in the use and size of family offices is paradoxically increasing risk for UHNWIs. 

93% of UHNWIs rely on family offices to provide management and security services [LINK]. However, the expansion of the use of family offices has made them a target for criminals. A 2025 survey noted that 43% of family offices globally reported a cyber attack. Family offices handling over USD1 billion in assets under management reported an even greater figure of 62%. A further 25% of the offices reported experiencing three or more attacks over the last 12-24 months [LINK].

Increased spending on these organisations has often not been matched by increased funding for cybersecurity. Moreover, the expansion in the size of family offices creates its own vulnerabilities, ranging from an expanded attack surface to increased insider security risk. According to a 2024 report, only 54% of family offices ensure that all staff participate in security training [LINK]. For criminals, it will often be easier to target administrative staff working for a family office, whether through phishing attacks or as potential insider threats.

3. Advances in generative AI

Third, advances in generative AI technology have made deepfakes easier to produce and harder to detect.

A 2025 study found that AI has been used by threat actors in 67.4% of recent phishing scams [LINK]. AI plays a large role in developing intricate whaling attacks, and the greater ease of generating audio and video deepfakes has allowed attackers to make those attacks more intricate still.

The increased accessibility of these tools means that threat actors no longer need advanced technical expertise to mount sophisticated campaigns. As a result, traditional indicators of compromise such as suspicious language are becoming less reliable.

This shift in security challenges is critical because it erodes the very foundation of protection: human trust. As manipulated content becomes harder to distinguish from legitimate communication, high-value individuals and advisors face a heightened threat of financial fraud, data breaches, and reputational damage.

Conclusion

A modernised approach to UHNWI security is needed. Security for many UHNWIs and family offices is limited to defensive cyber security efforts aimed at protecting networks.

In an increasingly challenging threat environment, organisations at high risk must adopt a holistic view of security that encompasses cyber, physical, and personnel threat vectors. Criminal groups will not restrict their activities to cyberspace. Accordingly, security measures should consider real-world and personnel threat vectors, including insider threat.

Organisations must also be proactive rather than reactive. This means actively preparing for security incidents through tailored incident response planning, comprehensive security awareness training for families and staff, and regular security incident management exercises. Being proactive also means taking the initiative against criminal groups, including through active management of an organisation’s online exposure and the digital footprints of UHNWIs and key personnel. 

Tyburn recommendations

  • Prominent individuals leave themselves open to attack through their digital footprint. To reduce this exposure, family offices should embed digital hygiene into the security plan by continuously monitoring the individual’s online footprint, enforcing strong device security policies, and conducting targeted takedowns of sensitive material.

  • Comprehensive security training should extend to family members, household staff, and close associates. Regular incident and crisis management exercises will strengthen awareness, improve decision-making under pressure, and increase personal and organisational resilience.

  • To address emerging threats, family offices should strengthen their overall protective security by uniting physical, digital, and personal risk management within a cohesive framework that includes clear response plans and tailored insurance—delivered as one integrated solution.
