Securidigm Watch

What changed, and what's coming for you.

A curated watch on the two things that move the ground under private-wealth security: regulation that creates new obligations and deadlines, and threat activity aimed specifically at family offices and the firms that serve them.

Watch updated — June 2026

Compliance & regulatory

Reg S-P | Jun 3, 2026

Reg S-P compliance date reached for all remaining entities

The SEC's 2024 amendments — incident-response program, 30-day customer-notification rule, and service-provider oversight — are now in effect for smaller advisers and broker-dealers (the larger-entity date passed Dec 3, 2025).

→ Action: confirm your written IRP and notification procedure are in place and tested.

FTC Safeguards | In force

Safeguards Rule breach-notice provision active

Non-bank financial institutions must notify the FTC within 30 days of discovering a breach involving the unencrypted information of 500+ consumers, on top of the existing program requirements (Qualified Individual, MFA, encryption, testing).

→ Action: verify a named Qualified Individual and a working breach-determination process.

SEC | 2026 priorities

2026 exam priorities spotlight Reg S-P and identity theft

The SEC's 2026 examination priorities intensify cybersecurity and operational-resiliency reviews — with a spotlight on the new Reg S-P data-protection rules, Reg S-ID identity-theft prevention, incident response, and third-party vendor oversight.

→ Action: keep evidence, your IRP, and vendor oversight current — not assembled the week before an exam.

State privacy | Ongoing

State data-privacy and breach-notification laws expanding

A growing patchwork of state privacy statutes and breach-notice timelines can apply alongside federal rules depending on where clients and data reside.

→ Action: map where your sensitive data lives against applicable state obligations.

Threat activity & targeting

Wire fraud / BEC | Elevated

Business-email compromise still the top financial threat to family offices

Phishing was the entry vector in 93% of family-office breaches (Deloitte). Attackers compromise or spoof email to insert fraudulent wire instructions, often timed to a real transaction — and small teams with high-value, movable funds make family offices a prime target.

→ Defense: out-of-band callback verification on every payment change.

Deepfake / vishing | Rising

AI voice-cloning used to authorize payments

83% of family offices say they're concerned about deepfake and impersonation campaigns aimed at their principals (Omega Systems, 2025). Synthetic audio of a principal or partner is used to pressure staff into urgent transfers — defeating "I recognized the voice" as a control.

→ Defense: shared code-phrase and dual authorization for high-value movements.

Vendor breach | Persistent

Third-party and supply-chain compromise exposes client data

Breaches at administrators, custodians, IT providers, and SaaS vendors remain a leading path to private-wealth data — often outside the client's own walls.

→ Defense: vendor register with 72-hour breach clauses and MFA requirements.

Targeted intrusion | Ongoing

Principals & household staff under direct social-engineering

High-net-worth individuals, family members, and household staff are targeted through personal devices, social media, and travel — where corporate controls don't reach.

→ Defense: personal-device hardening, travel security, and family awareness coaching.

Informational only — not legal advice.
