“If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.” - Henry David Thoreau, Walden
By the end of 2024, the collective cost of cyber attacks is projected to soar to $9.5T, with a further increase to $10.5T expected in 2025. With over 75% of these attacks targeting small businesses, the financial implications for the most vulnerable companies are staggering. These alarming figures underscore the pressing need for robust cybersecurity measures.
A shortage of human capital compounds cyber issues. According to Dentons, family offices are particularly vulnerable due to their unique staffing needs and the talent scarcity to meet them. Nearly 30% of family offices are understaffed in critical roles, making them natural targets for cybercriminals. Further, “existing staff are under-resourced, in part due to inadequate levels of training and development. Just a small majority (54%) say all staff participate in risk mitigation and security training, and among those taking part, most (59%) do so only annually.”
"Businesses of all sizes need the right cybersecurity expertise tailored to their risk profile, industry, and compliance needs,” said Dr. Christine Izuakor, the founder and CEO of Cyber Pop-up. “Smaller businesses especially should partner with experts who not only design but also implement cybersecurity programs. Since most attacks involve human error, every employee, technical or not, plays a crucial role in either exposing or protecting the company from the most common cyber attacks. It's essential to empower all staff to help safeguard the business."
With these daunting figures as a backdrop, we entered our buildout of Sandbox with two critical objectives despite limited resources: to create an innovative and delightful client experience concurrently built on a foundation of security and controls.
Taking this approach meant sacrificing some measure of speed for stability and security. Still, our decades of experience in banking have led us to understand what may not necessarily be obvious to others—banking, at its core, involves only so many core competencies. One is risk management; no one will care about a delightful user interface if we don’t manage risk appropriately.
With risk management in mind, we quickly realized we needed to establish robust, rigorously tested controls. At that point, building SOC 2 into our foundation became the obvious choice, and we sought relationships with Vanta and VioletX to help us establish our policies, procedures, and controls.
Developed by the Association of International Certified Professional Accountants (better known as the AICPA), a SOC 2 examination is a report on controls at a service organization, including fintech platforms like Sandbox Wealth. These reports cover an array of "trust services criteria" relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are intended to meet the needs of a broad range of users who need detailed information and assurance about the controls at a service organization. For early-stage firms, institutional relationships often hinge on an ability to deliver evidence of a clean SOC 2 report.
For any organization, especially one in its early stages, achieving SOC 2 builds a strong base for a business that is built with security in mind. — Bill Dixon, VioletX
“Achieving SOC 2 for an early-stage startup immediately shows that the organization is committed to establishing trust with its clients,” said Bill Dixon, the Chief Information Security Officer at VioletX. “The SOC 2 not only establishes a base set of controls, but the validation by the audit process of the effectiveness of those controls over a period of time [provides] prospective and existing clients a level of certainty that security is part of the day-to-day of the company.”
After nearly a year of planning and a three-month audit, we’ve completed our initial SOC 2 Type II audit with no exceptions noted. This achievement underscores our commitment to security and controls. Perhaps most importantly, it conveys a sense of security that many family offices have difficulty achieving internally due to lacking internal tools and training to protect financial data and capital.
As an RIA or Family Office, knowing that they are partnering with an organization that establishes trust is a key tenant to a level of confidence that the security of their data and assets will be taken seriously. — Bill Dixon
Managing wealth and risk is intrinsically linked, particularly in an age of expanding cyber attacks. From mass affluent clients managing a small investment portfolio to the most prominent family offices and RIAs, our role at Sandbox is to securely enable the free flow of data and capital. By doing so, our objective is to mitigate many of the risks our members face.
“Family Offices and RIAs face the same cyber risks that any large organization and financial institution may face,” said Mr. Dixon. “When there is information of value to be gained and, in some cases, monetary gain directly to be made, there is no hiding from being at risk.”
Platforms like Sandbox help families manage the myriad risks associated with reporting and liquidity management by building enterprise-grade controls around data privacy, information security, and our core infrastructure. This enables our members to spend more time managing their finances and making prudent decisions around liquidity.
According to Mr. Dixon, “[E]stablishing security standards such as SOC 2 mitigates the likelihood of a cyber threat being realized and creating a material impact on the business."
