Transparency is one of our core values at Sapphire. That is why we are openly sharing the details of a recent social engineering incident that targeted our firm.
A few months ago, a scammer obtained the details of one of our investment managers and began impersonating them. Posing as the FCA-authorised Directory Person on WhatsApp, the fraudster urged people to invest in cryptocurrency.
The fallout was rapid. Over a short period we received calls from more than ten different people. Some were prudently checking whether the request was real. Others called to tell us that they had already lost thousands of pounds after believing the impersonator.
We want to be unequivocal on one point: Sapphire does not promote, recommend, or offer direct investments.
Even after twenty-five years of making critical decisions in financial services, being targeted in this way leaves you feeling floored! Within hours of the first calls we reported the incident to the Financial Conduct Authority (FCA) and posted warning notices on our website. Our investors entrust us with their personal data, and they deserve a fortress of protection around it. This incident has therefore sharpened our commitment to obtaining ISO 27001 certification.
As a small firm that does not handle client money, committing to ISO 27001 is not a step we take lightly. Yet the further we travel along this path, the more confident we are that it is the right one. Think of ISO 27001 as a building safety code for information: a structured, audited standard that requires you to design, document and continuously test the resilience of your defences, rather than relying on goodwill and gut feel.
By drawing lessons from high-profile incidents such as the cyber attacks on Marks & Spencer and the British Library, we are pushing ourselves to think more deeply about cybersecurity from both an operational and a strategic standpoint.
Our experience is, unfortunately, part of a rapidly deteriorating global picture. According to the World Economic Forum's Global Risks Report 2026, cyber insecurity sits among the most severe risks facing the world. It is ranked the sixth most severe global risk over the next two years and remains among the top recurring risks over the coming decade.
A particularly significant strand of this risk is ransomware. The European Union Agency for Cybersecurity (ENISA) defines ransomware as a targeted attack in which threat actors take control of an organisation's assets and demand a payment in exchange for restoring access or for not publicly exposing sensitive data. It is a serious threat in its own right, made worse by the use of multiple extortion techniques and by perpetrators whose goals increasingly extend beyond pure financial gain.
So who is behind these attacks, and who do they target? Recent advisories from the FBI and the United States Cybersecurity and Infrastructure Security Agency (CISA) make clear that ransomware actors are highly opportunistic and financially motivated. They indiscriminately target a wide range of victims, including businesses, critical infrastructure and other organisations across North America and Europe. They often use deceptive tactics to gain initial access, such as disguising malicious payloads as routine software updates, or using "ClickFix" social engineering, where users are tricked into running malicious code by clicking on a fake CAPTCHA test. This was the technique highlighted in the recent joint FBI and CISA advisory on the Interlock ransomware group.
For our investors, three themes from the latest ENISA Threat Landscape report are worth highlighting:
Recent incidents have shown that businesses can no longer afford to be reluctant to plan for every contingency. By learning from our own experience, and by heeding the warnings of organisations such as ENISA, CISA and the WEF, we are continuing to evolve both our operational and our strategic defences. Our commitment is straightforward: that Sapphire remains a safe, secure and resilient partner for every investor and fund manager who works with us.