In today’s digital age, safeguarding personal and financial information has become more crucial than ever.
For successful individuals, the stakes are high. With the frequency and severity of cyber threats continuing to grow, it’s imperative to understand how to protect yourself, your family, and your legacy. Threat actors are becoming more sophisticated with their tactics, including AI-enhanced fraud and identity theft, making proactivity a must to help prevent, manage, and mitigate cyber risks.
The Baldwin Group’s cybersecurity leader, Emily Selck, had the opportunity to meet with successful individuals and answer their most pressing questions about managing cybersecurity in today’s digital landscape.
This Q&A outlines what she heard and provides essential strategies for protecting digital assets, managing the security needs of executives, investing in digital assets, taking action when a breach occurs, and much more.
By fostering a culture of cybersecurity awareness and preparedness, individuals can better mitigate risks and navigate the complexities of the digital world with confidence. As cyber threats evolve, so must our strategies for protecting our assets and ensuring our safety online.
What’s the difference between identity theft benefits and personal cyber protection?
While identity theft benefits and cyber protection can both protect against digital threats, they serve different purposes in today’s online world.
Identity theft benefits focus on protecting personal identities. They provide services that can help individuals restore their identity and bounce back quickly if their personal information, such as Social Security numbers, bank details, or credit cards, is stolen or misused. Services can include credit monitoring, fraud alerts, and coverage for paying the costs of things like legal fees, fraud affidavits, certified mail, and lost wages.
Personal cyber protection is designed to protect individuals and families from financial losses stemming from cyber threats including:
- Cyberattacks – can cover damages as a result of unauthorized access to personal data or malware on personal computers, laptops, and tablets you keep in your home.
- Cyber extortion – which can pay to help resolve situations when a hacker steals your personal data and demands money in exchange for releasing it.
- Online fraud – not only can cover losses caused by online scams, data breaches, hacking, phishing, and other cybercrimes, but also pay for the costs (e.g., theft restoration, legal fees, system repairs, etc.) that can help you recover from them.
Of course, the best protection against cyber threats is prevention. Think about taking a proactive, multi- layered approach that includes:
- Updating software with the latest security features on all computers and make it a habit to back up data
- Creating strong login passwords that are hard to guess
- Using multi-factor authentication (MFA), firewalls, anti-virus software, and anti-spyware on all devices
- Saving files in the cloud and on an external storage device
- Choosing security questions that only you know the answer to
- Accessing sensitive information on secure networks only, not public Wi-Fi networks
- Avoiding automatic logins
- Setting family policies for good cyber hygiene and rules for social media use
- Limiting access to confidential, personal data
How can investors protect their digital assets and cryptocurrency transactions from hackers as support for this emerging market grows?
Last year, about 77% of successful individuals held or invested in digital assets or cryptocurrencies. With support increasing for this emerging financial market under the new Trump administration here are some ways to protect yourself.
- Use cold wallets: External or cold wallets, which are offline devices that store private keys, can make digital assets less vulnerable to online attacks. That’s because they are separate accounts that are stored offline and not on any digital device or exchange, making it difficult for bad actors to access them. In addition, choose wallets that require multiple approvals before proceeding with a transaction to make it harder for a hacker to compromise your account. Finally, keep backups of a wallet’s seed phrase in a secure, physical location, like a safety deposit box, and avoid storing large amounts of cryptocurrency in any wallets connected to the internet.
- Use strong passwords: Just like for other sensitive online accounts, use strong, unique passwords and enable multi-factor authentication (MFA) on all exchange accounts, wallets, and related services.
- Diversify storage locations: Spread cryptocurrencies across multiple wallets rather than concentrating them in one place. For institutional-level protection, consider using custodial services from reputable providers.
- Audit security measures: On a regular basis, assess the security of your devices, wallets, and accounts. You may even want to hire cybersecurity experts to test the systems you use to manage your cryptocurrencies.
- Secure internet access: Use a dedicated device for your crypto transactions, particularly one that’s not used for general browsing or downloading files. In addition, always connect via a VPN and avoid public Wi-Fi when accessing wallets or exchanges.
- Educate staff and family: If other individuals have access to crypto assets, make sure they’re trained in cybersecurity best practices. For example, review phishing scams and how to recognize fraudulent communications.
- Monitor activity: Use tools to monitor wallet activity for any unusual transactions and set up alerts for significant transactions.
- Consider insurance: For significant holdings, consider insuring digital assets through providers that specialize in cryptocurrency insurance.
Who covers the losses if a CEO is hacked and cybercriminals steal money from contacts using phishing campaigns and fraudulent appeals?
if a CEO is hacked and criminals fraudulently solicit financial donations from unsuspecting contacts, determining whose insurance policy responds can depend on the situation.
If the donors directly and voluntarily transferred funds, their personal cyber insurance coverage, if they had it, may cover reimbursement for the financial losses.
However:
If the hack resulted from negligence on the part of the CEO or the organization’s cybersecurity practices, liability may shift to the CEO’s organization. The company’s cyber liability insurance could cover third- party claims, such as reimbursing defrauded donors, under its third-party coverage provisions.
In addition:
If the CEO’s actions or oversight contributed to the breach, the company’s errors and omissions (E&O) coverage or directors and officers (D&O) insurance may provide coverage if lawsuits arise alleging mismanagement.
While the Baldwin Group can’t prevent cyberattacks from occurring, we can provide education about how to limit exposure to bad actors and help prevent devastating financial losses.
What should I do to protect myself if I suspect my personal information is on the dark web?
If you suspect your personal information is on the dark web, it’s important to mitigate potential damage. While there’s not much you can do to retrieve your stolen information, exercising good digital hygiene practices are important for protecting yourself (and your assets) once it’s there. Among them:
- Change passwords for all your accounts, prioritizing those that contain financial and sensitive data. And make sure the new ones are strong, unique passcodes or phrases that include letters, numbers, and special characters so they’re hard to break.
- Enable multi-factor authentication wherever possible to make it difficult to access your accounts or information, even if hackers get your password.
- Monitor your financial statements, credit reports, and bank accounts for unusual activity.
- Consider placing a fraud alert or credit freeze with major credit bureaus to prevent unauthorized access to your accounts.
- Alert your bank or credit card company if you detect suspicious activity.
- Use identity theft monitoring services to scan for compromised data. For instance, companies like Black Cloak (for high net-worth individuals) offer subscription services that can remove your personal information from the internet and set privacy safeguards on your computer, scan, and secure the networks at your homes, as well as protect your phones, tablets, and computers from malware.
- Beware of phishing scams and don’t click on links or download attachments sent to you in unsolicited emails.
- Limit sharing personal details about your life, family, activities, etc., on social media.
- Consult with advisors to stay updated about the latest scams and security threats.
- Consider identity theft insurance. While it won’t stop cyber hackers in their tracks, it could reimburse you for financial losses and help you restore your identity if you become a victim of an attack.
What should someone do the second they realize they’re a victim of a cyber fraud event?
Cyber fraud can strike anyone, at any time. Whether it’s a phishing scam, ransomware attack, or identity theft, quick and decisive action can limit the damage and help you recover faster.
Key steps to take when you realize you’ve been hacked:
Step 1: Disconnect your system and affected devices from the internet and internal networks to prevent further data loss or spread of malware. Power down your device and stop using it until it’s been checked by a professional.
Step 2: Consider freezing your credit file to prevent cybercriminals from opening new accounts in your name and setting up fraud alerts with major credit bureaus.
Step 3: Report the incident to the FBI’s Internet Crime Complaint Center, the FTC, as well as the local police department, which can help in recovery efforts.
Step 4: Inform your insurer if you have cyber liability insurance or identity theft coverage. Professionals can guide you through the claims process and can provide access to forensic experts, legal counsel, and other types of support to help you recover.
Step 5: Keep detailed records of what happened for insurance claims and legal protection, including:
- Time and date of discovery
- Suspicious emails or messages
- Screenshots of unusual activity
- Communications with banks, insurers, and law enforcement
Step 6: Reset passwords across all online accounts, especially financial, email, and cloud services, and monitor accounts for unauthorized transactions going forward.
Step 7: Engage experts who can identify how the breach occurred, what data was accessed, and how to prevent future incidents. In particular, trusted insurance advisors can help:
- Review current insurance coverage and identify gaps
- File an insurance claim and navigate the recovery process Recommend proactive risk management strategies
- Connect you with vetted cybersecurity partners
Is there insurance that can help protect individuals, executives, and public figures from financial losses if their likeness or image is used in a deepfake?
The short answer is yes. But for coverage to respond, the deepfake has to cause a financial loss, like a transfer of funds to a fraudulent or cyber criminal’s account.
While there’s no specific “deepfake insurance” you can buy, a combination of commercial and personal coverages can provide layered protection to individuals and executives if damages occur due to various scenarios generally caused by deepfakes. Among them:
- Data removal services to remove something from the internet to stop the fraud from continuing or perform a digital cleanse that can suppress the damage-causing information
- Public relations services to help restore your reputation, remove damaging content, and repair your image online and in the media
- Legal services that can help pay lawyer fees, settlements, and other litigation-related expenses if you’re falsely accused of something or you need to sue deepfake creators
- Restoration services to restore your online presence, clean up misinformation, and rebuild your personal brand
- Lost income if a deepfake causes you to lose business opportunities, job offers, endorsements, or speaking engagements
- Psychological services if cyberbullying is part of the deepfake and prevents you from going to work or leads to wrongful job termination
- Kidnap, ransom and extortion if a deepfake is used as part of a threat or blackmail attempt, e.g., threatening to release a fake compromising video unless you pay a large sum of money
Partnering with a trusted insurance advisor can help address your personal risk exposure and secure the protection you may need against deepfakes. Not only can advisors review your current insurance portfolio to see if situations related to a deepfake are covered, they can also suggest valuable services, like digital risk monitoring, which can continuously scan your online properties, identify vulnerabilities, and help you mitigate potential threats from cybercriminals.
Of course, insurance won’t prevent a deepfake from occurring. But a comprehensive insurance strategy that covers executives and successful individuals from both a business and personal standpoint can provide the financial support needed to help react, reduce damages, and recover.
What are some common exclusions successful individuals should be aware of when considering personal cyber coverage?
Personal cyber insurance policies can offer valuable protection, but they also come with a range of exclusions that can limit coverage. Understanding these exclusions is key to making sure a policy fits your needs. Here’s a quick break down of some common exclusions found in personal cyber insurance policies:
| What’s not covered | Why it’s excluded | What to consider |
|---|---|---|
| Professional activities | most cyber policies are designed for non-commercial use. So if a cyber incident is related to your business or professional activities. It’s likely excluded | If you run a business or work remotely, you may need a separate commercial cyber policy or endorsement |
| Intentional acts | Insurance won’t cover losses that result from deliberate or reckless behavior. | Even if the consequences weren’t intended, knowingly engaging in risky behavior can void your coverage |
| Prior knowledge | If you knew about a vulnerability before the policy started and didn’t take action, coverage may be denied. | Regular updates are essential to maintaining coverage. |
| Infrastructure failures | Not considered cyber risk. | Not typically covered under cyber insurance. |
| War and terrorism | Often considered uninsurable due to their scale and complexity. | Specialized coverage may be required for some regions or individuals. |
| Bodily injury and property damage | Cyber insurance focuses on digital harm, not physical damage. | Explore separate liability or property insurance for physical risks. |
| Cryptocurrency and digital assets | Known for extreme price fluctuations and lack of regulation. | If you invest in digital assets, you’ll likely need specialized coverage. |
| Unprotected systems | Incidents can stem from neglecting basic cybersecurity practices. | Always maintain good cyber hygiene. |
| Third-party services | It can be difficult to control security measures for third-party providers. | Some policies offer endorsements for these situations. |
| Regulatory and legal issues | Typical insurance exclusions. | Make sure your policy addresses regulatory exposures, if you have them. |
| Data recovery | Not all data loss is covered. | Backing up your data regularly is crucial for coverage. |
| Specific high-risk activities | Too challenging to insure. | Often fall outside the scope of personal cyber coverage. |
| Device-specific exclusions | Some devices may be considered insecure. | Always check your policy to see which devices are eligible for coverage. |
Choosing the right cyber insurance policy involves multiple factors. A trusted insurance advisor can help identify coverage gaps based on your lifestyle and assets, recommend endorsements or additional policies to address those gaps, ensure your cybersecurity practices align with policy requirements, and regularly review your coverage as your needs evolve.
What threats is AI presenting to successful individuals in terms of fraud?
Artificial intelligence (AI) is transforming lives. But it is also introducing new challenges that are increasingly relevant to successful individuals. From deepfakes to synthetic identity fraud, AI is amplifying the scale, sophistication, and speed of cyber threats, and posing difficulties managing them. Successful clients can be particularly vulnerable to AI-enhanced fraud due to their public visibility and digital footprint.
Potential incidents include:
- Deepfake impersonation through AI-generated audio and video deepfakes that can convincingly mimic a person’s voice or appearance and then be used in social engineering tactics to authorize fraudulent transactions or manipulate family members and staff.
- Synthetic identity theft that results when AI tools are used to combine real and fake data to create realistic synthetic identities, which can be used to open accounts, secure loans, or access private networks.
- AI-powered phishing that generates hyper- personalized messages using data scraped from social media and public records, and increases the likelihood of successful deception.
- Location spoofing and surveillance that can track the location of private, high-profile individuals and enable physical security breaches or stalking.
What is the difference between social engineering and deceptive funds transfer from a personal cyber insurance perspective?
These two cyber threats can seem very similar, but there is an important distinction between the two.
Social engineering
Instead of hacking into a system directly, cybercriminals trick people into giving up private information or access to financial accounts voluntarily based on some type of false information. IT often starts with a convincing email (or phone call) from someone pretending to be a trusted advisor, banker, or family member and asks you to verify your account details or click on a link.
Deceptive funds transfer
This is a type of social engineering scam where the goal is to get you to transfer money from a personal account usually to a fake account. Highly targeted, these scams can involve forged invoices, spoofed email addresses, or doctored wire instructions. Typically, fraudsters send an email that looks like it’s from one of your personal contacts, like your contractor or lawyer, who asks you to wire the funds. The logo, email address, names, signature, and message all look legitimate, so you willingly transfer the requested funds.
Both social engineering and deceptive funds transfer may be covered under personal cyber insurance, but they can be listed as separate coverages. In some cases, deceptive funds transfer can be more narrowly defined than social engineering, and can be covered if a transfer was fraudulently induced by scammers through fake instructions or phishing attacks and taken from a personal (not business) bank account.
What you may need to file an insurance claim:
- Written notice
- Detailed description
- Supporting evidence (e.g., bank records, emails)
- Bank/credit card refusal letter
- Proof of personal account status
- Cooperation with investigation
- Deductible payment
Make sure you’re protected by working with your insurance advisor to:
- Review your personal cyber insurance policy
- Understand which cybercrimes are covered, along with any sub-limits or exclusions
- Consider riders or endorsements that can customize your coverage and help provide the protection you need
Do executives need both business and personal cyber insurance?
The short answer is yes. In today’s digital world, the line between professional and personal life is increasingly blurred, especially for executives. Because executives often use their work email for a wide range of communications, including personal matters, they often create a digital overlap that cybercriminals can exploit. In fact, a 2024 study found that 64% of IT decision-makers believe senior executives are the most likely targets for cyberattacks within their organizations due to:
- Visibility: Name, title, and contact information are often publicly available
- Access to sensitive data: Executives have access to financials, strategic plans, and confidential communications
- Social engineering: Cybercriminals use impersonation tactics, like deepfake videos or fake emails, to trick employees or family members into giving money or information.
- Personal exposure: Executives are increasingly targeted for personal attacks, which often include identity theft or fraudulent bank account openings that corporate policies don’t cover.
Business cyber insurance is designed to protect a company’s interests and typically covers:
- Data breaches involving company systems
- Ransomware attacks on corporate networks
- Business interruption due to cyber incidents
- Legal liabilities and regulatory fines
- Costs related to notifying affected customers or stakeholders
Personal cyber insurance is designed to protect individuals/families from cyber threats, such as:
- Social engineering tactics
- Online fraud and scams
- Cyber extortion and ransomware targeting personal devices
- Unauthorized access to personal accounts
- Social media hacking
- Data recovery and legal support
As attacks grow more frequent and sophisticated, executives have also reported incidences of multiple unauthorized credit cards opened in their names, social media impersonation, ransom demands for personal photos or documents, and attacks on home networks and smart devices
The good news is that more insurers are offering personal cyber policies tailored to executives and successful individuals and families. Some policies now include coverage for spouses and children, recognizing that cyber threats often target the entire household. And more comprehensive plans offer services such as dark web monitoring, social media surveillance, and home network protection.
How can you be sure that wiring instructions you receive in an email from someone you know are legitimate?
What are some best practices individuals can use to validate these types of requests?
If you suspect your personal information is on the dark web, it’s important to mitigate potential damage. While there’s not much you can do to retrieve your stolen information, exercising good digital hygiene practices are important for protecting yourself (and your assets) once it’s there. Among them:
If you receive a request to wire or transfer money from one account to another, the number one thing you need to do is to directly call whoever sends the email and verify that they are indeed requesting the money transfer. Especially if there’s a change in payment instructions, or an urgency to do it as quickly as possible.
For anyone that regularly wires funds or sends money online, or through an app, there are a number of cyber safe practices to use every time you receive a request to transfer funds.
Always:
- Independently verify the specifics of the wiring instructions (e.g., amount to be transferred, account number, etc.) to confirm that the request is legitimate.
- Refer to prior correspondence for contact information or use a trusted phone number you have stored in your address book to call the sender.
- Check the sender’s email address carefully for small mistakes or changes that may indicate it’s fake.
- Take the time, even if it is only a few minutes, to verify money-wiring requests and payment instructions.
- Be leery of requests that urge you to act quickly.
- Report suspicious emails to your IT team if you are on a work computer.
Never:
- Take a wire transfer request at face value.
- Call (or click) the phone number off the e-mail request. Sophisticated deepfakes can easily mimic someone’s voice or appearance, so someone else could fraudulently verify or validate the information.
- Click on links within a wire-transfer email or download attachments unless you’re 100% sure it’s safe.
- Act quickly on a wire transfer you receive, either by text, phone call, or email, without checking and confirming that it’s a valid request first.
- Assume the request is valid because it “looks real.”
This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. The Baldwin Insurance Group Holdings, LLC (“The Baldwin Group”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. The Baldwin Group does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, The Baldwin Group does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.
