We live in a world of increasing cyber threats and exposures. In recent times, data breaches have dominated the headlines. Cyber attackers though are not simply focusing on attacks which have a large scale effect or disruption to users. What we are increasingly seeing is that cyber attackers are focusing on those targets where they can obtain the best potential value from an attack.
High net worth (HNW) individuals tick all the boxes for a potentially high return value cyber attack. HNWs have vast financial resources to steal from. They have reputations that can be tainted. HNWs might hold potentially valuable commercial data on their computers or they might have a high public profile, which makes them an ideal target for cyber trolling, online bullying, privacy intrusions and cyber stalking. In addition, many HNW individuals have a number of employees and third parties who manage their homes and finances. The trusted third party may not have malicious intent; but they may be the unknowing pathway into the HNW individual’s network or personal data. The further attraction of HNW’s to cyber attackers is that many such persons often have inadequate cyber security arrangements in place. As a result, cyber threats are quickly becoming one of the most prevalent security threats to HNW individuals.
Understanding the threats
Cyber threats are not unique to HNW individuals. But HNW individuals are at a greater risk to these threats because they offer a greater reward potential for cyber criminals. Let’s consider some of these threats in the context of the HNW.
Ransomware is a form of malware that locks an individual’s device or restricts access to user files until the ransom is paid and a decryption key provided by the hacker. HNW are ideal targets as cyber criminals see such persons as having the means to pay the ransom and many such persons might prefer to just pay the ransom rather than have the hassle of their computer access locked.
Spear phishing attacks in general seek to trick victims into revealing confidential information by posing as a legitimate website or email or caller. Most commonly the targets are asked to open an email attachment which upon doing so their computer becomes infected with malware or they are re-directed to a spoof website where any information they enter could be captured. Spear phishing, as the name implies, focuses on a select few targets, often just a single HNW individual.
Wi-Fi spoofing and man in the middle (MITM) attacks. Technology is everywhere in today’s HNW’s household. While companies are constantly investing to tighten their cyber security procedures the cyber security around most home Wi-Fi networks and Smart Technology falls short. Hackers are increasingly turning their attention to home networks. Of particular interest are the home networks of HNW individuals, CEO’s and other executives because of their potential access to valuable trade secrets, corporate financial information and simply because of their level of wealth. If, for instance, a home Wi-Fi network is not properly secured the HNW could be susceptible to a MITM and Wi-Fi spoofing attacks. MITM is where an attacker secretly sits between the HNW’s computer and the web sites they are accessing; capturing the communication or relaying it on. With Wi-Fi spoofing an attacker creates a Wi-Fi account that is named similar to the HNW’s network to trick their computer into connecting to it.
Public networks. Public and open Wi-Fi hotspots such as those in hotels or airports are inherently unsecure, even those that require a password. Hackers are increasingly targeting luxury hotel Wi-Fi networks to access HNW individuals. Recently a vulnerability in the Wi-Fi routers used by many luxury hotels was discovered, which enabled cyber criminals to install a keystroke logger malware on the guest’s computers.
Third parties: the weakest link? Anyone with access to the HNW’s house and technology or systems can leave the HNW more vulnerable to identity theft and other forms of cyber- attack. What might happen for example is that the personal assistant of a HNW individual might receive an email request from the HNW boss asking the assistant to transfer funds to a familiar sounding third party account. The email might come from the boss’ personal email address and seem authentic but it is a bogus email from a cyber attacker posing as the boss.
Cyber cover for high net worth individuals
One of the most notable recent cyber insurance developments, particularly in the US, has been the introduction of bespoke cyber cover that is designed to protect the high net worth individual. Some of the covers emerging include:
Cyber bullying insurance to cover the impact of internet bullying. Cover includes the cost of counselling, lost income if the HNW is off work, reputational management to clean up any online smears and help from digital forensic specialists to trace the abuse
High value homeowners insurance which includes cover for:
- Financial loss - for unauthorised use of credit cards and electronic fund transfers resulting from cyber attacks.
- Identity theft restoration - the costs to restore the HNW individual’s credit record and personal identity resulting from a cyber attack.
- Liability for claims and lawsuits brought against the HNW individual or their family for cyber related property damage or personal injury. For instance, if a hacker uses the HNW individual’s social profile and posts defamatory comments or exposes sensitive business communications that are damaging to a third party. Or the HNW or the child of a HNW is accused of cyber bullying or online harassment
- Cyber extortion and ransomware cover which cover the payment of genuine threats along with the negotiation, handling, contracting and delivery of monies.
Prevention better than cure
HNW individuals have exposures to the same types of cyber security issues more typically associated with large corporations. Yet without IT departments protecting the HNW individual’s networks and responding to threats the HNW are enticing cyber attack targets. Consequently, a trend is emerging in the US where extra cyber security and monitoring services are being either being offered as an add-on to the basic cyber cover depending on the HNW’s specific needs alternatively some insurers are including such services as part of their HNW cyber offering on the basis that prevention is better than cure. There is also a growing recognition by insurers that good cyber protection is not all about technology: cyber education is key. Some of these services include:
- Cyber security monitoring. This service recognises that traditional anti-virus products alone are not enough to defend against the advanced cyber threats that HNW’s face. Such a service provides a robust IT security strategy that includes for instance security hardware, monitoring, cyber intelligence and analytic analysis.
- Cyber 24/7 concierge. Security experts are available to answer questions and assist with any cyber issues a HNW might encounter.
- Cyber shield services. Such types of services provide an alarm system or emergency responder to a cyber attack.
- Cyber safety checks. This type of service includes IT audits and risk assessments of all those connected to the HNW and even IT training for employees and family members on cyber security awareness.
Related items: