Beyond firewalls: why cyber insurance must keep pace

IN Partnership with

Precision attacks on high-net-worth households require specialized coverage built on deep data and underwriting insight

A DECADE AGO, when personal cyber insurance first entered the conversation, the threat landscape was simpler. Back then, “cyber” essentially meant identity theft, and nearly all protective measures such as credit monitoring, fraud alerts, and the like were aimed at that one threat. For wealth managers, it was an afterthought at best, rarely factoring into conversations about client portfolios or estate planning. But the world has changed. The same technologies that have transformed how clients live, transact, and invest have also rewritten the playbook for criminals. Sophisticated social engineering schemes, AI-driven impersonations, deepfakes, and coordinated attacks on family offices have moved cyber risk from the periphery of financial planning to the center. As the nature of these threats becomes more complex, so too must the way in which they are understood, managed, and insured. The result is widening exposure to financial, operational, and reputational fallout when a breach occurs. In this environment, relying solely on internal capabilities is no longer sustainable. Partnering with external expertise, including insurers who specialize in cyber risk, is becoming one of the most pragmatic and cost-effective ways to stay ahead. That shift is precisely what drives Kareen Boyadjian, vice president of cyber underwriting at Tokio Marine HCC – Cyber and Professional Lines Group, a member of the Tokio Marine HCC group of companies based in Houston. Boyadjian has spent more than a decade immersed in the intricacies of personal cyber risk − from the early days of identity theft coverage to the complex reality facing high-net-worth families today. “Tokio Marine HCC has this infectious culture of innovation,” she says. “We’re always pushing forward to develop new insurance products in anticipation of what’s next, while keeping true to discipline − the reason for our financial stability. That balance of growth and responsibility is what keeps me energized.”

Tokio Marine HCC − Cyber & Professional Lines Group (CPLG) is the US marketing name used to describe the cyber and professional lines-related insurance operations of Tokio Marine HCC. Tokio Marine HCC is a member of the Tokio Marine Group, a premier global company founded in 1879 with a market capitalization of $70 billion as of December 31, 2024. Headquartered in Houston, Texas, Tokio Marine HCC is a leading specialty insurance group. Tokio Marine HCC’s major domestic insurance companies have financial strength ratings of A+ (Strong) from S&P Global Ratings, A++ (Superior) from AM Best, and AA− (Very Strong) from Fitch Ratings.

Find out more

“Criminals are studying the lives of their targets through their email correspondence, online buying behavior, and transactions. We are seeing it mostly with high-net-worth individuals”

Kareen Boyadjian, Tokio Marine HCC

By the time ransomware started sweeping through companies in 2020, cybercrime had already begun to change direction. As corporate systems hardened and businesses invested more heavily in their defenses, attackers shifted their sights to a softer, often more lucrative target: individuals and the people around them. For wealthier families, that shift has been especially significant. “We’ve seen cybercrime evolve from a numbers game, blasting out scam emails and hoping a few people respond into highly targeted campaigns,” says Boyadjian. “Criminals are studying the lives of their targets through their email correspondence, online buying behavior, and transactions. We are seeing it mostly with high-net-worth individuals.” What was once a broad, indiscriminate attempt to deceive as many individuals as possible − typically by sending out generic scam emails with the hope that someone would click a malicious link − has evolved into a much more calculated and targeted approach. Today’s cybercriminals invest time in learning about a specific individual’s habits, the types of devices they use, their personal and professional relationships, and even their daily routines. This in-depth knowledge allows attackers to craft scams that are highly convincing and tailored to their intended victim.

Instead of obvious phishing attempts, these attacks may take the form of seemingly legitimate communications, such as a contractor sending what appears to be a routine invoice, a family member reaching out for urgent help, or even a trusted advisor requesting a funds transfer. The familiarity and authenticity of these scenarios make them far more likely to succeed, as they mirror genuine interactions and exploit the victim’s trust in their personal network. “Private clients,” Boyadjian explains, “may not be the weakest link. It could be an elderly parent who clicks the wrong link, or a teenager using an unsecured iPad. Once that happens, their money is the exposure.”

That exposure is made worse by how many entry points now exist on their network or devices. Smartphones, smart appliances, shared devices, and social media posts all feed into a person’s online profile, and every one of those can become a doorway. “Cybercriminals are asking themselves, ‘In what way can I get into that digital footprint?’” she says. “Is it the Wi-Fi on their refrigerator? Is it their kid’s tablet? They’re looking for any angle they can use.”

The rapid rise of artificial intelligence has only accelerated this change. “Artificial intelligence has pushed this into a much higher gear because it’s doing a lot of the work for these cybercriminals,” Boyadjian says. Tasks that once took weeks, like building a fake banking site or crafting a convincing phishing message, can now be done in minutes. “It could be as simple as typing into an AI tool, ‘Create a page that looks exactly like Zelle from Wells Fargo,’” she explains. “Before, that would have taken weeks. Now it takes minutes, and they can send it to anyone while pretending to be their contractor who’s owed $60,000.” It doesn’t stop there. Impersonation schemes now extend into deeply personal territory. Boyadjian points to “grandparent scams,” where criminals use AI voice cloning to pretend to be a stranded grandchild and pressure someone into sending money. “They’ll even have the fake grandchild say hello in the background. It’s chilling how convincing it can be,” she says. Against this backdrop, three misconceptions still put families at risk. The first is that a homeowners policy with a cyber endorsement is enough. In practice those endorsements often remain identity theft-centric, with limits that do not match the size or complexity of today’s losses. The second is that cybercrime happens to other people. Most criminals are chasing payouts, not headlines, and will pursue the easiest path to funds. The third is that technology alone will save the day. Cyber tools are necessary, but human error remains the primary failure mode. You still insure a house even if you have alarms and sprinklers.

“Most policies don’t account for social engineering, cyber extortion, data recovery, or cyberbullying, which are all major exposures today”

Kareen Boyadjian, Tokio Marine HCC

Tokio Marine HCC’s depth of expertise is a critical differentiator in this space. As one of the earliest underwriters in cyber, the company brings decades of accumulated data, historical insight, and incident experience to bear. They have seen events affect a family’s financial life, and know which steps shorten the path back to normal. That knowledge is the difference between a policy that looks good on paper and one that holds up under pressure. “Our insurance is a standalone cyber form backed by cyber leading underwriting and expert claims handling,” Boyadjian says. “Cyber attacks and events are not an afterthought. It’s what we do all day, every day.” Cybercriminals will keep iterating. They will keep learning from every blocked payment and every successful lure. The counterweight is a partner that learns faster. Tokio Marine HCC’s model is built for that race. It combines long-running datasets, specialized underwriting, and real-time response into a single operating system for personal cyber. For advisors charged with protecting a client’s wealth and peace of mind, that combination is no longer a luxury. It is the standard.

That’s where dedicated personal standalone cyber policies come in. They are designed for the complexity and cost of today’s cyber risks. They offer higher limits − often up to $1 million − and offer coverage on a much wider range of scenarios, including social engineering scams, cryptocurrency theft, fraudulent telephonic instructions, and even verbal authorizations that banks may consider valid. What sets us apart from other available coverage in the market is our government contacts. They can act quickly if we are notified soon enough to return their funds if they fall victim to wire transfer fraud. “That’s critical,” Boyadjian explains, “because financial institutions often hold themselves harmless if they have a recording of you authorizing a transaction.”

Cyber threats enter a new phase: targeted, personal, and sophisticated

The AI acceleration: new tools for attackers, new challenges for clients

Published November 10, 2025

WOMEN ADVISORS

PRACTICE MANAGEMENT

RETIREMENT

FINTECH

RIA NEWS

Issue Archive

My Account

Subscribers

Event Calendar

Editorial Calendar

Media Kit

Special Reports

Custom Research Services

Request Reprints

Why Tokio Marine HCC’s expertise sets it apart

The soaring cost of cybercrime

$12.5bn

total consumer losses to fraud in 2024, up 25% from the previous year (FTC)

lost through direct bank transfers, often unrecoverable once sent to criminal accounts

$2bn

lost to cryptocurrency scams, as attackers exploit new digital pathways

$1.4bn

stolen through scams that begin on social media platforms

$1.9bn

Many wealthy clients are still relying on protections designed for a different era. A common misconception is that their homeowners insurance already includes cyber coverage. In reality, most of them remain narrowly focused on identity theft, offering little or no protection against the most damaging modern threats. “That’s still a risk, but it’s no longer the primary one,” says Boyadjian. “Most policies don’t account for social engineering, cyber extortion, data recovery, or cyberbullying, which are all major exposures today.” Even where some coverage exists, the limits often fall far short of what’s needed. “The highest personal cyber limit I’ve seen on a homeowner’s policy is around $250,000,” Boyadjian explains. “That’s not enough to deal with a serious extortion event or financial loss.” The second major misconception people have is that cybercrime is unlikely to happen to them. Many clients assume that because they are not public figures, they are not targets. “Most criminals are after money,” Boyadjian says. “You’re just a number on a spreadsheet.” Technology itself can also create a false sense of security. Clients often assume that strong passwords, firewalls, and two-factor authentication make them invincible. Boyadjian cautions that while those controls are essential, they are not foolproof.

Beyond basic coverage: building true cyber resilience

Modern policies also account for emerging risks that homeowners insurance ignores. Coverage for cyberbullying, for example, can help families deal with the cascading costs − including, but not limited to, harassment, therapy, tutoring, and relocating a child to another school. Extortion is another key area of personal cyber coverage. Negotiators and forensic specialists are expensive, and they need to engage fast to prevent reputational damage. One more gap matters in the wealth management segment. Affluent clients rarely move money themselves. Advisors and account managers do, which creates vicarious liability when an authorized party is deceived. A homeowners policy is unlikely to address that exposure with the proper services and quick resolution required. A broad standalone cyber form can and should.