Special thanks to contributor Ryan Nowicki, Certified Advisor of Personal Insurance (CAPI),
vice president of personal lines, R&R Insurance Services, Inc.
In the 1983 film WarGames, Matthew
Broderick's character nearly starts World War III by hacking into a military computer
while trying to play video games. When asked by the authorities how he accessed their
secure system, he famously replied that he just dialed every number in Sunnyvale looking
for a computer.
Today's cyber threats make that scenario look quaint. Your clients' 8-year-old
on Roblox, their 14-year-old on TikTok, and their 18-year-old posting college acceptance
letters on Instagram each face sophisticated threats that specifically target wealthy
families—and unlike Mr. Broderick's character, today's bad actors know exactly what
they're looking for.
73 percent of US adults have experienced an online scam or cyber attack at some point.
32 percent experienced one within the past year.
48 percent had fraudulent credit/debit card charges.
36 percent paid for an item online that never arrived or was counterfeit.
29 percent had a personal online account hacked (e.g., email,
bank, or social media).
Even more concerning? Studies from the Pew Research Center, the National
Telecommunications and Information Administration, the Federal Communications
Commission, and Parks Associates each provide insights on the growing presence of
digital devices in American households. Not surprisingly, higher-income households have
far higher broadband adoption, more fixed plus mobile internet connections, and higher
smart‑device adoption rates, making it quite likely that your financially successful
clients have more than 25 internet-connected devices in their homes, ensuring each of
those two dozen or more devices are a potential entry point for cyber criminals who have
shifted from random attacks to precision targeting of affluent households.
The Perfect Storm: Wealth Meets the Wild West
The convergence of the following three factors has created unprecedented cyber risk for successful families.
Digital abundance. Multiple homes with
smart systems, family offices with sensitive data, and children with
unrestricted device access.
Public visibility. Social media presence,
society pages, and business profiles that broadcast wealth indicators.
Generational disconnect. Parents who
didn't grow up digital who try to protect children who've never known an analog
world.
This isn't about fearmongering or suggesting families disconnect
from modern life. It's about recognizing that the same digital tools that enrich our
clients' lives have fundamentally altered their risk landscape—and traditional risk
management approaches haven't kept pace.
Understanding the Threat Landscape by Life Stage
Just as we adjust car insurance when teens start driving, we must
recognize that cyber risks evolve as children mature. Yet most families apply
one-size-fits-all digital rules that leave dangerous gaps. The following are
uncomfortable questions you should be asking your clients.
For Clients with Elementary School Children
Do they know which gaming platforms their 8-year-old
uses and who they're talking to?
Would they recognize the signs of digital grooming or
cyber bullying?
Have they considered that their child's Minecraft
account could be the gateway to their home network?
For Clients with Middle Schoolers
Has their 12-year-old already shared enough information
online to answer the family's bank security questions?
Do their children understand that today's "private"
Snapchat could become tomorrow's college admission scandal?
Are the kids equipped to recognize when a "friend" is
actually a social engineer gathering family intelligence?
For Clients with High Schoolers
Do their teens realize their digital footprint is now
their permanent record?
Have the parents discussed how a vindictive peer could
weaponize intimate content?
Do the children understand that accepting Venmo payments
for tutoring could flag them for tax evasion?
For Clients with College-Aged Children
Are the young adults aware that spring break photos
could derail job opportunities?
Do they know that cyber criminals specifically target
them as the "soft underbelly" of wealthy families?
Have parents explained how their university email
credentials could compromise the entire family's financial accounts?
The Million-Dollar Instagram Post: When Sharing Becomes
Dangerous
The danger of social media oversharing isn't theoretical—it's been
proven in devastating real-world cases that should serve as wake-up calls for your
affluent clients.
The $10 Million Instagram Intelligence Operation
In October 2016, Kim Kardashian was robbed of approximately $10 million in
jewelry at her Paris residence. The perpetrators didn't randomly target her—they
later admitted to French authorities that they had tracked her movements and
jewelry collection through her social media posts. After she posted photos of a
new 20-carat engagement ring on Instagram, the robbers used her real-time social
media updates to do the following.
Confirm she was in Paris
Identify her exact hotel location
Determine when she would be alone
Catalog the specific jewelry pieces worth stealing
The ringleader, Aomar Ait Khedache, told French authorities, "She was throwing
money away, but she should be more discreet." This wasn't a crime of
opportunity—it was social media intelligence gathering executed with
precision.
The "Bling Ring" Blueprint
Even earlier, between 2008 and 2009, a group of teenagers in California
demonstrated how easily social media could be weaponized against the wealthy.
The so-called "Bling Ring" used celebrity social media posts, Google Maps, and
celebrity address websites to do the following.
Track when stars would be at events or traveling
Survey properties using online tools
Plan entry and escape routes
They successfully burglarized over $3 million in luxury goods from homes,
including those of Paris Hilton, Lindsay Lohan, and Orlando Bloom. The
perpetrators later explained that they would know victims were away simply by
checking social media posts and event calendars.
Social media wealth indicators (e.g., homes, cars, jewelry, or
travel)
Research phase
Build family profile
LinkedIn for business travel, Instagram
for personal schedules, or Facebook for relationships
Timing analysis
Determine when to strike
Real-time posts showing vacations, events,
or "checking in" at locations
Value assessment
Catalog worthwhile assets
Posted photos of collections, new
purchases, or home interiors
Execution
Physical or cyber theft
Accumulated intelligence creates a
blueprint for theft
The Insurance Reality Check
The Kardashian case resulted in recovered jewelry and arrests, but most families
aren't celebrities with dedicated security teams and law enforcement priority. Your
clients need to understand that their family's Instagram, TikTok, and Facebook posts
are creating a permanent, searchable database of intelligence that criminals are
actively mining. Based on these real cases, help clients assess their vulnerability
by asking the following questions.
Could someone determine when their home is empty from their
social media posts?
Have their children posted photos that reveal home layouts,
security systems, or valuable possessions?
Do they "check in" at locations in real-time, advertising
their absence from home?
Have they posted about new high-value purchases,
collections, or home renovations?
Could their vacation posts be creating a burglar's
timeline?
The criminals who targeted Kardashian weren't sophisticated hackers—they were patient
observers who understood that social media had handed them all the intelligence they
needed. The question for your clients isn't whether they're posting similar
intelligence, but whether they're ready for the consequences when someone decides to
use it.
Building a Family Cyber-Defense Strategy
Here's where most articles would pivot to product recommendations.
But as I've said before, starting with "what" before addressing "why" and "how" is
precisely backward. Your clients need a cyber-risk management process, not just another policy to file
away.
Start with Why (Their Objectives)
Before recommending security apps or coverage, help clients gain family alignment on core protection objectives.
Preserve family privacy and physical safety
Protect financial assets and identity integrity
Maintain reputation and future opportunities
Ensure business continuity if they own enterprises
Model responsible digital citizenship
Move to How (Their Process)
Guide clients through the same systematic approach we apply to other exposures.
Risk Identification
Catalog all family digital assets and access points.
Map data flows between family members and devices.
Identify wealth indicators visible online.
Assess each family member's vulnerability profile.
Risk Assessment
Which exposures could result in catastrophic loss?
What's their tolerance for privacy invasion versus convenience?
How would they respond to cyber extortion?
What would reputational damage mean for their children's futures?
Risk Mitigation
Technical controls (from password managers to network segmentation)
Behavioral protocols (age-appropriate digital hygiene)
Physical security integration
Vendor management for family office and household staff
Risk Transfer
Understanding what's actually covered (spoiler: probably less than you
think)
Identifying coverage gaps across multiple policies
Evaluating stand-alone cyber-coverage options
Considering identity restoration services
Insurance Solutions: Beyond the Traditional Approach
The insurance industry's response to personal cyber risk reminds me of using a
Band-Aid on a broken leg—it might make us feel better, but it doesn't address
the real problem. Your clients' protection portfolio likely provides fragments
of limited cyber coverage scattered across multiple forms, such as the
following.
Homeowners insurance. May provide limited coverage for expenses
arising from identity theft.
Umbrella insurance. Explicitly excludes most cyber events.
Credit cards. May offer limited fraud protection, but no coverage for
reputational harm.
Employer benefits. May include identity monitoring (reactive, not
preventive).
Table 1. What Comprehensive Cyber Coverage Should Address
Coverage Element
Why It Matters for High-Net-Worth Families
Typical Gaps
Cyber extortion
Ransomware targeting family photos or
sensitive documents
Limited to business policies
Social engineering
Wire transfer fraud or spoofed vendor
payments
Excluded as "voluntary
parting"
Reputational harm
Children's college prospects or
professional standing
Difficult to quantify or rarely
covered
Cyber-bullying defense
Legal costs, counseling, or school
changes
Treated as personal dispute
Digital asset recovery
Cryptocurrency, NFTs, or online
investment accounts
Unclear valuation or limited
coverage
Minor's identity theft
Years before discovery or lifetime
impact
Inadequate monitoring periods
A good number of insurers now offer personal cyber coverage, most often as an
endorsement on their homeowners policies. Of course, coverage varies widely, and
key differentiators to examine when comparing options for clients include the
following.
Proactive versus reactive. Does it include
prevention services and indemnification of actual losses, or just the costs
to restore a stolen identity?
Family-wide coverage. Are all household
members protected?
Limit adequacy. Are the coverage limits
meaningful against substantive exposures?
Breach coaching. Do they get immediate
expert guidance?
Business overlap. How does it coordinate
with professional coverage?
For those not yet familiar, Tokio Marine HCC—Cyber and Professional Lines
Group has a "stand-alone" cyber-protection program: NetGuard® SELECT. This
offering provides coverage for a wide range of cyber threats, including breach
events and security and privacy liability, identity theft expenses, data
recovery cost, cyber extortion, cyber crime, and cyber bullying. Coverage limits
are available in increments up to $1 million. (See Tokio Marine HCC—Cyber for Individuals (NetGuard® SELECT.) This is just one example; more options are certain
to be developed.
Creating Your Clients' Family Digital Risk Management
Plan
Help your clients stop treating cyber security as an IT issue and
recognize it as a family governance challenge. Here's a framework that actually
works.
The Family Cyber Constitution
Recommend age-appropriate agreements that evolve with their
children, such as the following.
Ages 5–10: The Foundation
Device time and location limits
Approved apps and websites only
No personal information sharing
Tell parents about anything uncomfortable
Ages 11–4: The Expansion
Social media training wheels (private accounts and
parent monitoring)
Password manager introduction
Digital reputation awareness
Cyber-bullying response protocols
Ages 15–18: The Maturation
Gradual privacy increase with accountability
Financial account security training
Legal consequences education
Family security role as weakest link
18-Plus: The Partnership
Mutual security responsibility
Family office data protection
Professional reputation management
Next-generation education
Monthly Family Security Reviews
Just as they may review credit card statements, encourage clients to institute
monthly cyber-check-ins.
Privacy setting audits across platforms
Suspicious activity discussions
Security update installations
Password manager hygiene
Incident response practice
Professional Support Integration
Advise your clients that their team should extend beyond
insurance to include the following professionals.
Digital privacy
attorney. Platform terms navigation.
Reputation management
firm. Proactive monitoring.
Family counselor.
Healthy digital boundaries.
IT specialist.
Technical implementation.
Conclusion
In the movie WarGames, the
supercomputer ultimately learns that the only winning move in global thermonuclear
war is not to play. With cyber risks, abstinence isn't an option—our clients'
families must engage with digital life. But we can encourage them to fundamentally
change how they play the game.
The families I see recovering from cyber incidents all say some
version of the same thing: "We never thought it would happen to us." Yet, when I ask
if they've ever received a suspicious email, had a data breach notification, or
known someone who's been hacked, they all say yes. The cognitive dissonance is
striking—although they intellectually know the risk exists, too many perceive they
are immune. There are some encouraging trends: Last year, the Private Risk
Management Association (PRMA) conducted research that confirmed generational
attitudes toward cyber risk differed (See 2025 PRMA Private Client Insurance
Insights Survey.) While only 15 percent of baby boomers indicated
they have concerns about cyber risk and would be willing to consider protective
solutions, nearly 60 percent of millennials were open to adopting proactive
measures.
Your clients' children will never know a world without digital
risk, but that doesn't mean they must accept digital vulnerability. The same careful
planning that we deploy to protect tangible wealth should also extend to our
clients' digital assets and the family's online presence. The criminals targeting
high net worth families aren't relying on luck or random number dialing
anymore—they're sophisticated, patient, and specifically hunting for families just
like the ones that you protect.
Cyber risks present a new(er) and different challenge for risk
advisers. While we are all accustomed to guiding our clients to manage the risks
they are well aware of, cyber risks are evolving rapidly. The result: Yesterday's
protection strategies, if even implemented, can quickly become outdated and
ineffective. Every day your clients operate without a current and comprehensive
cyber-risk management plan, they're not getting any luckier—their inaction invites
greater exposure.
As their trusted risk adviser, this risk represents both an
opportunity and a responsibility. The question isn't whether your clients will face
a cyber incident; it's whether you'll have prepared them for it. The choice is
yours: abdicate managing the risks associated with cyber to another or help your
clients by managing one of the most consequential risks that your clients face
today. Which approach will you choose?
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Special thanks to contributor Ryan Nowicki, Certified Advisor of Personal Insurance (CAPI), vice president of personal lines, R&R Insurance Services, Inc.
In the 1983 film WarGames, Matthew Broderick's character nearly starts World War III by hacking into a military computer while trying to play video games. When asked by the authorities how he accessed their secure system, he famously replied that he just dialed every number in Sunnyvale looking for a computer.
Today's cyber threats make that scenario look quaint. Your clients' 8-year-old on Roblox, their 14-year-old on TikTok, and their 18-year-old posting college acceptance letters on Instagram each face sophisticated threats that specifically target wealthy families—and unlike Mr. Broderick's character, today's bad actors know exactly what they're looking for.
Consider these sobering findings from a 2025 Pew Research Center study.
29 percent had a personal online account hacked (e.g., email, bank, or social media).
Even more concerning? Studies from the Pew Research Center, the National Telecommunications and Information Administration, the Federal Communications Commission, and Parks Associates each provide insights on the growing presence of digital devices in American households. Not surprisingly, higher-income households have far higher broadband adoption, more fixed plus mobile internet connections, and higher smart‑device adoption rates, making it quite likely that your financially successful clients have more than 25 internet-connected devices in their homes, ensuring each of those two dozen or more devices are a potential entry point for cyber criminals who have shifted from random attacks to precision targeting of affluent households.
The Perfect Storm: Wealth Meets the Wild West
The convergence of the following three factors has created unprecedented cyber risk for successful families.
This isn't about fearmongering or suggesting families disconnect from modern life. It's about recognizing that the same digital tools that enrich our clients' lives have fundamentally altered their risk landscape—and traditional risk management approaches haven't kept pace.
Understanding the Threat Landscape by Life Stage
Just as we adjust car insurance when teens start driving, we must recognize that cyber risks evolve as children mature. Yet most families apply one-size-fits-all digital rules that leave dangerous gaps. The following are uncomfortable questions you should be asking your clients.
For Clients with Elementary School Children
For Clients with Middle Schoolers
For Clients with High Schoolers
For Clients with College-Aged Children
The Million-Dollar Instagram Post: When Sharing Becomes Dangerous
The danger of social media oversharing isn't theoretical—it's been proven in devastating real-world cases that should serve as wake-up calls for your affluent clients.
The $10 Million Instagram Intelligence Operation
In October 2016, Kim Kardashian was robbed of approximately $10 million in jewelry at her Paris residence. The perpetrators didn't randomly target her—they later admitted to French authorities that they had tracked her movements and jewelry collection through her social media posts. After she posted photos of a new 20-carat engagement ring on Instagram, the robbers used her real-time social media updates to do the following.
The ringleader, Aomar Ait Khedache, told French authorities, "She was throwing money away, but she should be more discreet." This wasn't a crime of opportunity—it was social media intelligence gathering executed with precision.
The "Bling Ring" Blueprint
Even earlier, between 2008 and 2009, a group of teenagers in California demonstrated how easily social media could be weaponized against the wealthy. The so-called "Bling Ring" used celebrity social media posts, Google Maps, and celebrity address websites to do the following.
They successfully burglarized over $3 million in luxury goods from homes, including those of Paris Hilton, Lindsay Lohan, and Orlando Bloom. The perpetrators later explained that they would know victims were away simply by checking social media posts and event calendars.
The Pattern Your Clients Must Recognize
These aren't isolated incidents. The FBI's Internet Crime Complaint Center regularly reports social media-enabled targeting of wealthy individuals. (See Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society, May 14, 2024.) The pattern is consistent.
The Insurance Reality Check
The Kardashian case resulted in recovered jewelry and arrests, but most families aren't celebrities with dedicated security teams and law enforcement priority. Your clients need to understand that their family's Instagram, TikTok, and Facebook posts are creating a permanent, searchable database of intelligence that criminals are actively mining. Based on these real cases, help clients assess their vulnerability by asking the following questions.
The criminals who targeted Kardashian weren't sophisticated hackers—they were patient observers who understood that social media had handed them all the intelligence they needed. The question for your clients isn't whether they're posting similar intelligence, but whether they're ready for the consequences when someone decides to use it.
Building a Family Cyber-Defense Strategy
Here's where most articles would pivot to product recommendations. But as I've said before, starting with "what" before addressing "why" and "how" is precisely backward. Your clients need a cyber-risk management process, not just another policy to file away.
Start with Why (Their Objectives)
Before recommending security apps or coverage, help clients gain family alignment on core protection objectives.
Move to How (Their Process)
Guide clients through the same systematic approach we apply to other exposures.
Insurance Solutions: Beyond the Traditional Approach
The insurance industry's response to personal cyber risk reminds me of using a Band-Aid on a broken leg—it might make us feel better, but it doesn't address the real problem. Your clients' protection portfolio likely provides fragments of limited cyber coverage scattered across multiple forms, such as the following.
A good number of insurers now offer personal cyber coverage, most often as an endorsement on their homeowners policies. Of course, coverage varies widely, and key differentiators to examine when comparing options for clients include the following.
For those not yet familiar, Tokio Marine HCC—Cyber and Professional Lines Group has a "stand-alone" cyber-protection program: NetGuard® SELECT. This offering provides coverage for a wide range of cyber threats, including breach events and security and privacy liability, identity theft expenses, data recovery cost, cyber extortion, cyber crime, and cyber bullying. Coverage limits are available in increments up to $1 million. (See Tokio Marine HCC—Cyber for Individuals (NetGuard® SELECT.) This is just one example; more options are certain to be developed.
Creating Your Clients' Family Digital Risk Management Plan
Help your clients stop treating cyber security as an IT issue and recognize it as a family governance challenge. Here's a framework that actually works.
The Family Cyber Constitution
Recommend age-appropriate agreements that evolve with their children, such as the following.
Ages 5–10: The Foundation
Ages 11–4: The Expansion
Ages 15–18: The Maturation
18-Plus: The Partnership
Monthly Family Security Reviews
Just as they may review credit card statements, encourage clients to institute monthly cyber-check-ins.
Professional Support Integration
Advise your clients that their team should extend beyond insurance to include the following professionals.
Conclusion
In the movie WarGames, the supercomputer ultimately learns that the only winning move in global thermonuclear war is not to play. With cyber risks, abstinence isn't an option—our clients' families must engage with digital life. But we can encourage them to fundamentally change how they play the game.
The families I see recovering from cyber incidents all say some version of the same thing: "We never thought it would happen to us." Yet, when I ask if they've ever received a suspicious email, had a data breach notification, or known someone who's been hacked, they all say yes. The cognitive dissonance is striking—although they intellectually know the risk exists, too many perceive they are immune. There are some encouraging trends: Last year, the Private Risk Management Association (PRMA) conducted research that confirmed generational attitudes toward cyber risk differed (See 2025 PRMA Private Client Insurance Insights Survey.) While only 15 percent of baby boomers indicated they have concerns about cyber risk and would be willing to consider protective solutions, nearly 60 percent of millennials were open to adopting proactive measures.
Your clients' children will never know a world without digital risk, but that doesn't mean they must accept digital vulnerability. The same careful planning that we deploy to protect tangible wealth should also extend to our clients' digital assets and the family's online presence. The criminals targeting high net worth families aren't relying on luck or random number dialing anymore—they're sophisticated, patient, and specifically hunting for families just like the ones that you protect.
Cyber risks present a new(er) and different challenge for risk advisers. While we are all accustomed to guiding our clients to manage the risks they are well aware of, cyber risks are evolving rapidly. The result: Yesterday's protection strategies, if even implemented, can quickly become outdated and ineffective. Every day your clients operate without a current and comprehensive cyber-risk management plan, they're not getting any luckier—their inaction invites greater exposure.
As their trusted risk adviser, this risk represents both an opportunity and a responsibility. The question isn't whether your clients will face a cyber incident; it's whether you'll have prepared them for it. The choice is yours: abdicate managing the risks associated with cyber to another or help your clients by managing one of the most consequential risks that your clients face today. Which approach will you choose?
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.