Could Cyber Risk Break the Bank for Your High Net-Worth Clients?

By now, the case for cyber is clear on the commercial side.

But high net-worth insureds have unique exposures that have driven many carriers to address cyber as a personal lines risk as well.

For starters, “high net-worth insureds have increasingly complex homes,” says Jerry Hourihan, president, AIG Private Client Group. “Whether they’re for temperature, security, entertainment or computer networks, the number of devices these insureds have in their homes has exploded in the last five years. Every one of those IoT devices is a potential portal for a cybercriminal.”

Even outside the IoT, because many successful individuals and families have a higher public profile, they simply “have an increased exposure for cyber risk because of the scope and scale of their assets,” says Fran O’Brien, division president, Chubb Personal Risk Services. “They may have an investment manager, family office, domestic staff to help run their lives, thereby increasing their susceptibility to cyber risk.”

Consider a real-life situation in which a nanny was connected to an insured’s WiFi on her own device while working in their home. “It turns out that the nanny’s device had been infected with nasty malware, and malware can hop from device to device on your WiFi,” explains Mark Galante, president of field operations at PURE. “It ultimately installed a keystroke logger on one of the member’s devices which then enabled the cybercriminal to track all their activity, including email and financial transactions.”

Social engineering is another prime risk for high net-worth insureds, many of whom regularly wire large sums of money for asset transactions. “We regularly hear about cases where someone is deceived into wiring money to bad actors, and what complicates it when you’re a high net-worth individual is that they’re not just trying to deceive you—they’re trying to deceive your personal assistant or somebody else in your life who is authorized to work on your behalf,” Galante explains.

In another real-life claim, an insured’s personal assistant received an email that appeared to be from her boss, requesting that $110,000 be wired to purchase a boat. “The assistant knew the insured was closing on a boat, and as the authorized bank user on behalf of that member, she wired the money,” Galante says. “But the email had actually come from a cybercriminal who had hacked into the member’s email, seen how wire requests were made, followed the typical processes and took advantage of an imminent purchase. That’s $110,000 gone.”

Ideally, that’s where a personal cyber policy comes in—but Galante warns that insurance would only respond to a situation like this if it specifically covered data stored on the cloud by an email platform. “It’s important for agents and brokers to make sure they’re looking out for potential hidden coverage gaps,” he cautions.

Because high net-worth insureds are also uniquely susceptible to cyber extortion—situations in which a cybercriminal demands money to prevent damage to a device or distribution of damaging content they found on it—“you want to ensure there’s coverage to both provide a subject matter expert to help the member respond to the threat, and reimburse the insured in the event that a ransom-type payment is made,” Galante suggests.

Additional coverage elements high net-worth insureds may want to consider include identity theft and cyberbullying, O’Brien notes, as well as coverage for “cyberattacks that make a house uninhabitable”—such as when criminals take over smart devices—or those that interrupt a small business run from a person’s home.

Finally, look for a policy that includes complimentary access to third-party resources that can assist insureds with risk management steps, from securing networks and devices to spotting signs of online manipulation.

“Obviously people need to have adequate coverage if something does happen,” Hourihan says. “But our greatest concern is trying to understand what the risks are and lock them down so insureds don’t have to worry about a claim happening in the first place.”

Jacquelyn Connelly is IA senior editor.