High net worth (HNW) individuals are acutely exposed to cyberattacks and financial fraud. They tend to hold large amounts of sensitive and confidential information, and because of their reputations as HNW individuals, even things that hold little or no monetary value can be exploited by criminals to cause significant harm.
Typical cyber-related scenarios that HNW individuals might face include the hacking of electronic devices, ransomware attacks, identity theft and identity fraud, distributed denial of service attacks, and doxing, which is the release of personal information about victims and their family members.
They’re vulnerable through literally every Internet-connected device in their homes, whether that’s a thermostat, a smart lightbulb or doorbell, a refrigerator, a laptop, or even a children’s toy. The growth of technology in our daily lives, especially for those who can afford the best of the best Internet of Things-connected devices, has sparked new methods for cyber criminals to obtain personal data and exploit HNW individuals.
The Private Risk Management Association (PRMA), a non-profit group comprised of HNW insurance carriers, agents and brokers, recently published a report that details the increasing cyber threat that HNW individuals face. According to Lisa Lindsay, executive director of the PRMA, and Darren McGraw, president of Mechelsen Private Client and founding member of the PRMA, there’s one thing that absolutely has to happen if HNW individuals want to address their cyber exposures effectively – they need to adopt a different mindset in which they take personal cybersecurity seriously.
“People don’t generally leave their homes without locking their doors. They have security systems to prevent burglaries, smoke alarms, flood detectors, and all sorts of other gadgets to protect their homes, but what we found through our latest study was that cybersecurity has not yet gained the same amount of attention from individuals. We believe individuals need to have the same cybersecurity mindset at home as they have when they’re at work,” said Lindsay.
Insurance brokers and agents who have close relationships with their clients are “in the best position to give counsel that will help people move towards better personal cyber hygiene,” according to McGraw. That’s not to say all brokers and agents dealing with HNW clients have to be experts in cyber risk. Rather, he said it’s about nurturing a few overarching philosophical understandings in order to be an effective counsellor and advocate for clients.
“I believe it starts with an understanding that personal cyber risk is not simply a technology issue; it’s more of a behavioral issue. People’s behaviors are a bigger predictor of how exposed they are to cyber risk than any technology piece in and of itself,” McGraw told Insurance Business. “In that context, brokers and agents need to continue to ask good questions to draw out risk exposures. They can apply the same types of questions they would ask around perils like fire, theft, wind and water but in the context of cyber. And while they don’t all have to be experts, brokers can provide added value by offering tidbits of best practice cyber risk mitigation or pointing people in the right direction in terms of technology.”
Many businesses today require employees to undergo some form of cybersecurity training. In the business or commercial space, people are willing and interested in following governance and cybersecurity protocols because they fear their job might be at stake if they don’t. Outside of the business environment, that same known consequence does not exist. Individuals don’t have a boss breathing down their necks demanding they follow strict cybersecurity protocols at home, and, as such, it can sometimes be challenging for insurance brokers and agents to get that message across.
“I would say, anecdotally, that the more people see individuals and families suffering losses from cyber-related incidents, the more attention they’re going to pay to it,” said McGraw. “Brokers and agents need to encourage open communication and dialogue that helps clients overcome optimism bias by saying: ‘Oh yeah, I know someone who suffered a cyberattack.’ By using claims data and real-life examples, brokers and agents can encourage clients to spend more time thinking about their personal cyber risk.”
Lindsay added: “It’s important for brokers and agents to provide education in really digestible pieces. One conversation is not going to solve somebody’s entire cybersecurity risk, but having that conversation on a regular basis will help people adopt a different mindset. We can encourage clients to make smart choices about how they manage their IoT connected devices. Ask them the question: ‘Do you really need to have your washing machine hooked up to the internet? If you’re not getting any benefit out of that, save yourself some potential trouble and don’t connect it.’ It’s really about helping individuals to take a step back so that they can understand their potential cyber exposures and think about how to mitigate them.”