Cybercriminals are increasingly targeting high-net-worth individuals rather than corporate networks, according to insurance specialists, as personal digital defences continue to lag behind the value of the assets being protected.
Darren Walsgrove, Personal Lines Director at Everywhen, said the risks extend beyond financial loss.
"For these individuals, it's not just their wealth on the line — it's their reputation and personal data. As a high-net-worth individual's influence and public exposure grows, they become more of a target," he said.
A 2024 Family Office Cybersecurity Report by Deloitte found that 43% of surveyed family offices had experienced a cyberattack in the prior two years. FBI data recorded losses exceeding $16.6 billion to cybercrime in the US in 2024 alone, up 33% on 2023 and 141% since 2021.
Social media is a significant vulnerability. Wealthy individuals with multiple accounts, properties and business interests present numerous entry points for attackers, and information shared online by family members can compound the risk even where the individual exercises caution. In the first half of 2023, the UK lost £43.5 million to deepfake impersonation fraud, with AI-generated voice and video increasingly used to deceive victims.
Walsgrove said underwriters are already incorporating digital behaviour into their assessments.
"Private client executives will check whether photos of valuable items have been posted, holiday updates shared, or anything that reveals the home is empty. Being outspoken on social media may not induce a good rating factor and can attract the wrong kind of attention," Walsgrove said.
He noted that burglary claims continue to be driven by basic security failures rather than sophisticated attacks.
Most standard home insurance policies either exclude cyber risks entirely or apply caps — often as low as $10,000 — that fall well short of the exposures facing wealthy clients.
The Private Risk Management Association's 2025 Private Client Insurance Insights Survey of 250 affluent homeowners found that roughly nine in ten expressed concern about cyberattacks, more than a quarter had already been a victim, and 58% said they had taken steps to manage their cyber risk but wanted to do more.
Kevin Daley, president of private client at EPIC Insurance Brokers & Consultants, said cyber has become a fixture in client conversations.
"I don't see a day in the near future that I'm not talking about cyber with clients," Daley said.
UK cyber claims totalled £197 million in 2024, a 230% increase on the prior year, with ransomware and malware accounting for 51% of all payouts, according to the Association of British Insurers. UK premiums fell 11% across 2025, a level brokers have described as approaching the floor of sustainability.
Marks & Spencer suffered a ransomware attack over Easter 2025, with up to ten million customer records compromised and an insurance claim reportedly approaching £300 million. A near-simultaneous attack on Co-op led the UK's Cyber Monitoring Centre — an independent non-profit body established by the insurance industry — to classify the two incidents as a single combined cyber event.
Launched in February 2025, the CMC uses a severity scale from one to five based on financial impact and the breadth of organisations affected.
