The $124T Great Wealth Transfer Is Coming. So Are the Hackers

A little privacy, please.

The Great Wealth Transfer could see $124 trillion in assets change hands over the next two decades. While that’s exciting news for spouses, children and charity organizations, it will also create plenty of opportunities for cybercriminals to swoop in and do what they do best, said Lorne Maltenfort, a director of private wealth planning at Wells Fargo. Without stronger privacy controls on retirement and investment accounts, advisors risk lasting reputational harm. “If a [cyberattack] happens to you, it’s going to be public and it’s going to be permanent,” Maltenfort told Retirement Upside. “Once privacy is out of the bottle, it’s almost impossible to put back in.”

Keep it Secret, Keep it Safe

Firms should treat privacy and security as enterprise risk, stress-testing systems multiple times a year and updating defenses as threats evolve, Maltenfort said, adding that measures can include jurisdictional planning, independent trustees and family-wide verification protocols.

He pointed to revocable trusts as a key tool. They keep assets between account holders and beneficiaries and avoid probate, where records become public and vulnerable to fraud. Public filings can enable scammers to impersonate heirs or file false real estate claims. “From an asset perspective, it’s easy to locate who owns what assets if there’s no legal shell around them,” he said.

For charitable giving, anonymous donations or donor-advised funds reduce exposure, while public naming can increase risk. “It’s about how comfortable you are putting your name out there,” Maltenfort said, adding that some clients prefer to put their name on a donation because it represents an extension of their wealth, business and mission statement. “If it’s large amounts of money, that’s a signal to cybercriminals.”

Who Has Access? As the Great Wealth Transfer gets underway, there has been more interest in who can access retirement accounts. Advisors want visibility across client assets, including retirement plans, while custodians limit access to reduce credential-sharing risks, and the threat of attacks stemming from third-party vulnerabilities. Some firms have resisted direct advisor access to 401(k)s, which fintech firm Pontera has called out.

Maltenfort said that even when advisors are given discretion with an account, there are still security measures in place. For example, in a trust, Wells Fargo might have one person who manages investments, another who handles distribution, and another who resolves disputes among family members. “In that structure, we’ve segmented responsibilities and created privacy,” he said.