Special thanks to contributor Ryan Nowicki, Certified Advisor of Personal Insurance (CAPI), vice president of personal lines, R&R Insurance Services, Inc.
In the 1983 film WarGames, Matthew Broderick's character nearly starts World War III by hacking into a military computer while trying to play video games. When asked by the authorities how he accessed their secure system, he famously replied that he just dialed every number in Sunnyvale looking for a computer.
Today's cyber threats make that scenario look quaint. Your clients' 8-year-old on Roblox, their 14-year-old on TikTok, and their 18-year-old posting college acceptance letters on Instagram each face sophisticated threats that specifically target wealthy families—and unlike Mr. Broderick's character, today's bad actors know exactly what they're looking for.
73 percent of US adults have experienced an online scam or cyber attack at some point.
32 percent experienced one within the past year.
48 percent had fraudulent credit/debit card charges.
36 percent paid for an item online that never arrived or was counterfeit.
29 percent had a personal online account hacked (e.g., email, bank, or social media).
Even more concerning? Studies from the Pew Research Center, the National Telecommunications and Information Administration, the Federal Communications Commission, and Parks Associates each provide insights on the growing presence of digital devices in American households. Not surprisingly, higher-income households have far higher broadband adoption, more fixed plus mobile internet connections, and higher smart‑device adoption rates, making it quite likely that your financially successful clients have more than 25 internet-connected devices in their homes, ensuring each of those two dozen or more devices are a potential entry point for cyber criminals who have shifted from random attacks to precision targeting of affluent households.
The Perfect Storm: Wealth Meets the Wild West
The convergence of the following three factors has created unprecedented cyber risk for successful families.
Digital abundance. Multiple homes with smart systems, family offices with sensitive data, and children with unrestricted device access.
Public visibility. Social media presence, society pages, and business profiles that broadcast wealth indicators.
Generational disconnect. Parents who didn't grow up digital who try to protect children who've never known an analog world.
This isn't about fearmongering or suggesting families disconnect from modern life. It's about recognizing that the same digital tools that enrich our clients' lives have fundamentally altered their risk landscape—and traditional risk management approaches haven't kept pace.
Understanding the Threat Landscape by Life Stage
Just as we adjust car insurance when teens start driving, we must recognize that cyber risks evolve as children mature. Yet most families apply one-size-fits-all digital rules that leave dangerous gaps. The following are uncomfortable questions you should be asking your clients.
For Clients with Elementary School Children
Do they know which gaming platforms their 8-year-old uses and who they're talking to?
Would they recognize the signs of digital grooming or cyber bullying?
Have they considered that their child's Minecraft account could be the gateway to their home network?
For Clients with Middle Schoolers
Has their 12-year-old already shared enough information online to answer the family's bank security questions?
Do their children understand that today's "private" Snapchat could become tomorrow's college admission scandal?
Are the kids equipped to recognize when a "friend" is actually a social engineer gathering family intelligence?
For Clients with High Schoolers
Do their teens realize their digital footprint is now their permanent record?
Have the parents discussed how a vindictive peer could weaponize intimate content?
Do the children understand that accepting Venmo payments for tutoring could flag them for tax evasion?
For Clients with College-Aged Children
Are the young adults aware that spring break photos could derail job opportunities?
Do they know that cyber criminals specifically target them as the "soft underbelly" of wealthy families?
Have parents explained how their university email credentials could compromise the entire family's financial accounts?
The Million-Dollar Instagram Post: When Sharing Becomes Dangerous
The danger of social media oversharing isn't theoretical—it's been proven in devastating real-world cases that should serve as wake-up calls for your affluent clients.
The $10 Million Instagram Intelligence Operation
In October 2016, Kim Kardashian was robbed of approximately $10 million in jewelry at her Paris residence. The perpetrators didn't randomly target her—they later admitted to French authorities that they had tracked her movements and jewelry collection through her social media posts. After she posted photos of a new 20-carat engagement ring on Instagram, the robbers used her real-time social media updates to do the following.
Confirm she was in Paris
Identify her exact hotel location
Determine when she would be alone
Catalog the specific jewelry pieces worth stealing
The ringleader, Aomar Ait Khedache, told French authorities, "She was throwing money away, but she should be more discreet." This wasn't a crime of opportunity—it was social media intelligence gathering executed with precision.
The "Bling Ring" Blueprint
Even earlier, between 2008 and 2009, a group of teenagers in California demonstrated how easily social media could be weaponized against the wealthy. The so-called "Bling Ring" used celebrity social media posts, Google Maps, and celebrity address websites to do the following.
Track when stars would be at events or traveling
Survey properties using online tools
Plan entry and escape routes
They successfully burglarized over $3 million in luxury goods from homes, including those of Paris Hilton, Lindsay Lohan, and Orlando Bloom. The perpetrators later explained that they would know victims were away simply by checking social media posts and event calendars.
Social media wealth indicators (e.g., homes, cars, jewelry, or travel)
Research phase
Build family profile
LinkedIn for business travel, Instagram for personal schedules, or Facebook for relationships
Timing analysis
Determine when to strike
Real-time posts showing vacations, events, or "checking in" at locations
Value assessment
Catalog worthwhile assets
Posted photos of collections, new purchases, or home interiors
Execution
Physical or cyber theft
Accumulated intelligence creates a blueprint for theft
The Insurance Reality Check
The Kardashian case resulted in recovered jewelry and arrests, but most families aren't celebrities with dedicated security teams and law enforcement priority. Your clients need to understand that their family's Instagram, TikTok, and Facebook posts are creating a permanent, searchable database of intelligence that criminals are actively mining. Based on these real cases, help clients assess their vulnerability by asking the following questions.
Could someone determine when their home is empty from their social media posts?
Have their children posted photos that reveal home layouts, security systems, or valuable possessions?
Do they "check in" at locations in real-time, advertising their absence from home?
Have they posted about new high-value purchases, collections, or home renovations?
Could their vacation posts be creating a burglar's timeline?
The criminals who targeted Kardashian weren't sophisticated hackers—they were patient observers who understood that social media had handed them all the intelligence they needed. The question for your clients isn't whether they're posting similar intelligence, but whether they're ready for the consequences when someone decides to use it.
Building a Family Cyber-Defense Strategy
Here's where most articles would pivot to product recommendations. But as I've said before, starting with "what" before addressing "why" and "how" is precisely backward. Your clients need a cyber-risk management process, not just another policy to file away.
Start with Why (Their Objectives)
Before recommending security apps or coverage, help clients gain family alignment on core protection objectives.
Preserve family privacy and physical safety
Protect financial assets and identity integrity
Maintain reputation and future opportunities
Ensure business continuity if they own enterprises
Model responsible digital citizenship
Move to How (Their Process)
Guide clients through the same systematic approach we apply to other exposures.
Risk Identification
Catalog all family digital assets and access points.
Map data flows between family members and devices.
Identify wealth indicators visible online.
Assess each family member's vulnerability profile.
Risk Assessment
Which exposures could result in catastrophic loss?
What's their tolerance for privacy invasion versus convenience?
How would they respond to cyber extortion?
What would reputational damage mean for their children's futures?
Risk Mitigation
Technical controls (from password managers to network segmentation)
Behavioral protocols (age-appropriate digital hygiene)
Physical security integration
Vendor management for family office and household staff
Risk Transfer
Understanding what's actually covered (spoiler: probably less than you think)
Identifying coverage gaps across multiple policies
Evaluating stand-alone cyber-coverage options
Considering identity restoration services
Insurance Solutions: Beyond the Traditional Approach
The insurance industry's response to personal cyber risk reminds me of using a Band-Aid on a broken leg—it might make us feel better, but it doesn't address the real problem. Your clients' protection portfolio likely provides fragments of limited cyber coverage scattered across multiple forms, such as the following.
Homeowners insurance. May provide limited coverage for expenses arising from identity theft.
Umbrella insurance. Explicitly excludes most cyber events.
Credit cards. May offer limited fraud protection, but no coverage for reputational harm.
Employer benefits. May include identity monitoring (reactive, not preventive).
Table 1. What Comprehensive Cyber Coverage Should Address
Coverage Element
Why It Matters for High-Net-Worth Families
Typical Gaps
Cyber extortion
Ransomware targeting family photos or sensitive documents
Limited to business policies
Social engineering
Wire transfer fraud or spoofed vendor payments
Excluded as "voluntary parting"
Reputational harm
Children's college prospects or professional standing
Difficult to quantify or rarely covered
Cyber-bullying defense
Legal costs, counseling, or school changes
Treated as personal dispute
Digital asset recovery
Cryptocurrency, NFTs, or online investment accounts
Unclear valuation or limited coverage
Minor's identity theft
Years before discovery or lifetime impact
Inadequate monitoring periods
A good number of insurers now offer personal cyber coverage, most often as an endorsement on their homeowners policies. Of course, coverage varies widely, and key differentiators to examine when comparing options for clients include the following.
Proactive versus reactive. Does it include prevention services and indemnification of actual losses, or just the costs to restore a stolen identity?
Family-wide coverage. Are all household members protected?
Limit adequacy. Are the coverage limits meaningful against substantive exposures?
Breach coaching. Do they get immediate expert guidance?
Business overlap. How does it coordinate with professional coverage?
For those not yet familiar, Tokio Marine HCC—Cyber and Professional Lines Group has a "stand-alone" cyber-protection program: NetGuard® SELECT. This offering provides coverage for a wide range of cyber threats, including breach events and security and privacy liability, identity theft expenses, data recovery cost, cyber extortion, cyber crime, and cyber bullying. Coverage limits are available in increments up to $1 million. (See Tokio Marine HCC—Cyber for Individuals (NetGuard® SELECT.) This is just one example; more options are certain to be developed.
Creating Your Clients' Family Digital Risk Management Plan
Help your clients stop treating cyber security as an IT issue and recognize it as a family governance challenge. Here's a framework that actually works.
The Family Cyber Constitution
Recommend age-appropriate agreements that evolve with their children, such as the following.
Ages 5–10: The Foundation
Device time and location limits
Approved apps and websites only
No personal information sharing
Tell parents about anything uncomfortable
Ages 11–4: The Expansion
Social media training wheels (private accounts and parent monitoring)
Password manager introduction
Digital reputation awareness
Cyber-bullying response protocols
Ages 15–18: The Maturation
Gradual privacy increase with accountability
Financial account security training
Legal consequences education
Family security role as weakest link
18-Plus: The Partnership
Mutual security responsibility
Family office data protection
Professional reputation management
Next-generation education
Monthly Family Security Reviews
Just as they may review credit card statements, encourage clients to institute monthly cyber-check-ins.
Privacy setting audits across platforms
Suspicious activity discussions
Security update installations
Password manager hygiene
Incident response practice
Professional Support Integration
Advise your clients that their team should extend beyond insurance to include the following professionals.
Digital privacy attorney. Platform terms navigation.
Reputation management firm. Proactive monitoring.
Family counselor. Healthy digital boundaries.
IT specialist. Technical implementation.
Conclusion
In the movie WarGames, the supercomputer ultimately learns that the only winning move in global thermonuclear war is not to play. With cyber risks, abstinence isn't an option—our clients' families must engage with digital life. But we can encourage them to fundamentally change how they play the game.
The families I see recovering from cyber incidents all say some version of the same thing: "We never thought it would happen to us." Yet, when I ask if they've ever received a suspicious email, had a data breach notification, or known someone who's been hacked, they all say yes. The cognitive dissonance is striking—although they intellectually know the risk exists, too many perceive they are immune. There are some encouraging trends: Last year, the Private Risk Management Association (PRMA) conducted research that confirmed generational attitudes toward cyber risk differed (See 2025 PRMA Private Client Insurance Insights Survey.) While only 15 percent of baby boomers indicated they have concerns about cyber risk and would be willing to consider protective solutions, nearly 60 percent of millennials were open to adopting proactive measures.
Your clients' children will never know a world without digital risk, but that doesn't mean they must accept digital vulnerability. The same careful planning that we deploy to protect tangible wealth should also extend to our clients' digital assets and the family's online presence. The criminals targeting high net worth families aren't relying on luck or random number dialing anymore—they're sophisticated, patient, and specifically hunting for families just like the ones that you protect.
Cyber risks present a new(er) and different challenge for risk advisers. While we are all accustomed to guiding our clients to manage the risks they are well aware of, cyber risks are evolving rapidly. The result: Yesterday's protection strategies, if even implemented, can quickly become outdated and ineffective. Every day your clients operate without a current and comprehensive cyber-risk management plan, they're not getting any luckier—their inaction invites greater exposure.
As their trusted risk adviser, this risk represents both an opportunity and a responsibility. The question isn't whether your clients will face a cyber incident; it's whether you'll have prepared them for it. The choice is yours: abdicate managing the risks associated with cyber to another or help your clients by managing one of the most consequential risks that your clients face today. Which approach will you choose?
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Special thanks to contributor Ryan Nowicki, Certified Advisor of Personal Insurance (CAPI), vice president of personal lines, R&R Insurance Services, Inc.
In the 1983 film WarGames, Matthew Broderick's character nearly starts World War III by hacking into a military computer while trying to play video games. When asked by the authorities how he accessed their secure system, he famously replied that he just dialed every number in Sunnyvale looking for a computer.
Today's cyber threats make that scenario look quaint. Your clients' 8-year-old on Roblox, their 14-year-old on TikTok, and their 18-year-old posting college acceptance letters on Instagram each face sophisticated threats that specifically target wealthy families—and unlike Mr. Broderick's character, today's bad actors know exactly what they're looking for.
Consider these sobering findings from a 2025 Pew Research Center study.
29 percent had a personal online account hacked (e.g., email, bank, or social media).
Even more concerning? Studies from the Pew Research Center, the National Telecommunications and Information Administration, the Federal Communications Commission, and Parks Associates each provide insights on the growing presence of digital devices in American households. Not surprisingly, higher-income households have far higher broadband adoption, more fixed plus mobile internet connections, and higher smart‑device adoption rates, making it quite likely that your financially successful clients have more than 25 internet-connected devices in their homes, ensuring each of those two dozen or more devices are a potential entry point for cyber criminals who have shifted from random attacks to precision targeting of affluent households.
The Perfect Storm: Wealth Meets the Wild West
The convergence of the following three factors has created unprecedented cyber risk for successful families.
This isn't about fearmongering or suggesting families disconnect from modern life. It's about recognizing that the same digital tools that enrich our clients' lives have fundamentally altered their risk landscape—and traditional risk management approaches haven't kept pace.
Understanding the Threat Landscape by Life Stage
Just as we adjust car insurance when teens start driving, we must recognize that cyber risks evolve as children mature. Yet most families apply one-size-fits-all digital rules that leave dangerous gaps. The following are uncomfortable questions you should be asking your clients.
For Clients with Elementary School Children
For Clients with Middle Schoolers
For Clients with High Schoolers
For Clients with College-Aged Children
The Million-Dollar Instagram Post: When Sharing Becomes Dangerous
The danger of social media oversharing isn't theoretical—it's been proven in devastating real-world cases that should serve as wake-up calls for your affluent clients.
The $10 Million Instagram Intelligence Operation
In October 2016, Kim Kardashian was robbed of approximately $10 million in jewelry at her Paris residence. The perpetrators didn't randomly target her—they later admitted to French authorities that they had tracked her movements and jewelry collection through her social media posts. After she posted photos of a new 20-carat engagement ring on Instagram, the robbers used her real-time social media updates to do the following.
The ringleader, Aomar Ait Khedache, told French authorities, "She was throwing money away, but she should be more discreet." This wasn't a crime of opportunity—it was social media intelligence gathering executed with precision.
The "Bling Ring" Blueprint
Even earlier, between 2008 and 2009, a group of teenagers in California demonstrated how easily social media could be weaponized against the wealthy. The so-called "Bling Ring" used celebrity social media posts, Google Maps, and celebrity address websites to do the following.
They successfully burglarized over $3 million in luxury goods from homes, including those of Paris Hilton, Lindsay Lohan, and Orlando Bloom. The perpetrators later explained that they would know victims were away simply by checking social media posts and event calendars.
The Pattern Your Clients Must Recognize
These aren't isolated incidents. The FBI's Internet Crime Complaint Center regularly reports social media-enabled targeting of wealthy individuals. (See Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society, May 14, 2024.) The pattern is consistent.
The Insurance Reality Check
The Kardashian case resulted in recovered jewelry and arrests, but most families aren't celebrities with dedicated security teams and law enforcement priority. Your clients need to understand that their family's Instagram, TikTok, and Facebook posts are creating a permanent, searchable database of intelligence that criminals are actively mining. Based on these real cases, help clients assess their vulnerability by asking the following questions.
The criminals who targeted Kardashian weren't sophisticated hackers—they were patient observers who understood that social media had handed them all the intelligence they needed. The question for your clients isn't whether they're posting similar intelligence, but whether they're ready for the consequences when someone decides to use it.
Building a Family Cyber-Defense Strategy
Here's where most articles would pivot to product recommendations. But as I've said before, starting with "what" before addressing "why" and "how" is precisely backward. Your clients need a cyber-risk management process, not just another policy to file away.
Start with Why (Their Objectives)
Before recommending security apps or coverage, help clients gain family alignment on core protection objectives.
Move to How (Their Process)
Guide clients through the same systematic approach we apply to other exposures.
Insurance Solutions: Beyond the Traditional Approach
The insurance industry's response to personal cyber risk reminds me of using a Band-Aid on a broken leg—it might make us feel better, but it doesn't address the real problem. Your clients' protection portfolio likely provides fragments of limited cyber coverage scattered across multiple forms, such as the following.
A good number of insurers now offer personal cyber coverage, most often as an endorsement on their homeowners policies. Of course, coverage varies widely, and key differentiators to examine when comparing options for clients include the following.
For those not yet familiar, Tokio Marine HCC—Cyber and Professional Lines Group has a "stand-alone" cyber-protection program: NetGuard® SELECT. This offering provides coverage for a wide range of cyber threats, including breach events and security and privacy liability, identity theft expenses, data recovery cost, cyber extortion, cyber crime, and cyber bullying. Coverage limits are available in increments up to $1 million. (See Tokio Marine HCC—Cyber for Individuals (NetGuard® SELECT.) This is just one example; more options are certain to be developed.
Creating Your Clients' Family Digital Risk Management Plan
Help your clients stop treating cyber security as an IT issue and recognize it as a family governance challenge. Here's a framework that actually works.
The Family Cyber Constitution
Recommend age-appropriate agreements that evolve with their children, such as the following.
Ages 5–10: The Foundation
Ages 11–4: The Expansion
Ages 15–18: The Maturation
18-Plus: The Partnership
Monthly Family Security Reviews
Just as they may review credit card statements, encourage clients to institute monthly cyber-check-ins.
Professional Support Integration
Advise your clients that their team should extend beyond insurance to include the following professionals.
Conclusion
In the movie WarGames, the supercomputer ultimately learns that the only winning move in global thermonuclear war is not to play. With cyber risks, abstinence isn't an option—our clients' families must engage with digital life. But we can encourage them to fundamentally change how they play the game.
The families I see recovering from cyber incidents all say some version of the same thing: "We never thought it would happen to us." Yet, when I ask if they've ever received a suspicious email, had a data breach notification, or known someone who's been hacked, they all say yes. The cognitive dissonance is striking—although they intellectually know the risk exists, too many perceive they are immune. There are some encouraging trends: Last year, the Private Risk Management Association (PRMA) conducted research that confirmed generational attitudes toward cyber risk differed (See 2025 PRMA Private Client Insurance Insights Survey.) While only 15 percent of baby boomers indicated they have concerns about cyber risk and would be willing to consider protective solutions, nearly 60 percent of millennials were open to adopting proactive measures.
Your clients' children will never know a world without digital risk, but that doesn't mean they must accept digital vulnerability. The same careful planning that we deploy to protect tangible wealth should also extend to our clients' digital assets and the family's online presence. The criminals targeting high net worth families aren't relying on luck or random number dialing anymore—they're sophisticated, patient, and specifically hunting for families just like the ones that you protect.
Cyber risks present a new(er) and different challenge for risk advisers. While we are all accustomed to guiding our clients to manage the risks they are well aware of, cyber risks are evolving rapidly. The result: Yesterday's protection strategies, if even implemented, can quickly become outdated and ineffective. Every day your clients operate without a current and comprehensive cyber-risk management plan, they're not getting any luckier—their inaction invites greater exposure.
As their trusted risk adviser, this risk represents both an opportunity and a responsibility. The question isn't whether your clients will face a cyber incident; it's whether you'll have prepared them for it. The choice is yours: abdicate managing the risks associated with cyber to another or help your clients by managing one of the most consequential risks that your clients face today. Which approach will you choose?
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.