The cyber threat is growing, with criminals increasingly targeting individuals in addition to corporations. Personal security expert Philip Grindell discusses the importance of a proactive approach to identifying and securing one’s digital footprint, being prepared for attacks before they happen. Content produced in partnership with Aon.
Cybercrime is on the rise. The increasing adoption of internet-connected devices to assist with day-to-day tasks has created a proliferating network of vulnerabilities for malicious actors to exploit.
This trend is particularly pronounced in the UK, which is home to the greatest proportion of cybercrime victims per million internet users, according to figures from AAG. And while high-profile data breaches and corporate hacking campaigns often steal the spotlight, it is not only companies and government bodies which are exposed to this multi-billion-pound threat.
In a recent survey conducted by Spear’s, in partnership with Aon, readers across three demographics – high net-worth individuals (HNWs), mid net-worths and those of emerging wealth – identified cybercrime as their most universally shared specific risk concern. And they are right to be worried; high-value individuals are increasingly being singled out and targeted by ever more capable and ambitious cyber criminals.
‘I think people underestimate what information is out there and what degree of risk that exposes you to. We’re leaking information all the time, even when we don’t realise it,’ cautions Philip Grindell, CEO and founder of Defuse, a boutique consultancy that provides security and threat management for high-profile individuals, private family offices and organisations.
‘Nowadays criminals can do their research online. And just using open-source information, they could find anything from where you live to the plans of your home, what security you’ve got, which event you’re attending, where you holiday and what watch you wear.’
As technological penetration increases, the scale and ambition of cybercrime is also growing. Some derive solace from advances in the sophistication of digital safeguards like biometric security systems and passcodes. But Grindell, who features in the Spear’s 500 as Top Recommended for Security, Intelligence & Investigations, points out that there is only so much technology can achieve.
‘Nine times out of ten, it’s human error that causes a cyber risk,’ he says. ‘We all know that if you get an email from someone you don’t know, you shouldn’t open it. But we still do. Or perhaps we have blindingly obvious passwords. Or we share our bank details on phone calls, even though we know that banks will never ask for that information. We often forget about the easy options, even though those do most of the work.’
HNWs are uniquely exposed, as Grindell explains: ‘They are in the public eye by definition. Some are very private people and might think that they’re less conspicuous, but they’re still likely to be featured on rich lists, and they’re probably celebrities in their own industry. People might lock onto them because of their wealth or because they disagree with what they’re doing.’
Among Spear’s readers polled for the survey, a majority said they had become more concerned about their exposure to risk as their net worth has increased. Only 5% of respondents with a net-worth of over £2.5 million saying they were not concerned by cybercrime. For Grindell, heightened risk demands a change of perspective.
‘When we use the term ‘cyber’, I think most people will have an image of a hacker, for example, sitting at a screen filled with numbers. Of course, that’s part of it. But in reality, modern cybercrime can be a far simpler process, and far more dangerous, because you don’t need to have all those technical skills. We live in a digital age, and a lot of the work we do demonstrates that most people have little concept of the volume of private information that is publicly available.’
A Chartered Security Professional with an MSc in security management, Grindell led the effort to protect MPs after the death of Jo Cox during his time in the Metropolitan Police. He set up Defuse to protect clients from physical, reputational and psychological harm using a combination of protective intelligence, behavioural science and rigorous data analysis.
‘One client asked me to review their online vulnerability, saying I wouldn’t find much as they were not on social media,” recalls Grindell. “Due to the volume of online content that was available, I was able to create a fake profile so convincing that even their children became friends. I could have theoretically destroyed that individual’s reputation by posting a racist or homophobic comment in their name.’
In a world fraught with cyber vulnerabilities – from younger generations in our families posting private information on social media to our addresses being publicly accessible via the electoral register – it is increasingly important to take a holistic approach to the cyber threat, one which incorporates not just your personal devices but also other aspects of your life which could unwittingly provide information to malicious actors.
‘Fortunately, all of these things are foreseeable and preventable,’ Grindell suggests. ‘If you do digital audits to understand how exposed you are and bring your security provider into your trusted group alongside PR teams and legal advisers, you can work out how threats could compromise your security before they happen.’
In a world where cyber protection is a need to have rather than a nice to have, insurance brokers focused on private clients are also offering increasingly personalised consultation, coverage and a range of products addressing cyber extortion, financial loss and personal protection.
Education also plays a key role. Myths and misconceptions around cybercrime exacerbate the problem, helping to create knowledge gaps which can be easily exploited. One such misconception is that cyber threats are uniquely levelled against big companies.
‘Very often people go to great lengths at work to have cyber programmes in place in terms of policies and software. But we don’t do the same thing at home!’ Grindell laments. ‘How many people, when they get a new broadband system set up, change their password? If I can get the code to that, then I can hack into your TV, smart speaker, everything,’ he emphasises.
30.6% of HNW individuals polled in the Spear’s/Aon readers survey said they had already been victims of cybercrime, but just 21.4% had taken out personal cyber insurance and fewer still, 11%, had purchased a cyber security review or risk management service. A significant majority (62.7%) said that smart technology and digital solutions made them feel either somewhat or significantly more secure. At a time in which tech and connectivity bleeds into every facet of our lives, however, it is important to be aware that what is intended to protect can also expose you.
‘We’ve done a few security reviews of properties. Sometimes the technological equipment that they get installed – things like iris scanners – just isn’t practical. A lot of people get sold a load of technical kit, but technology can be hacked. It’s just adding another vulnerability. Simple options are the best,’ Grindell reiterates.
With the rate of technological change only set to grow in the coming years as smart homes and keyless cars become mainstream, it seems unlikely that this threat will subside any time soon.
Instead, experts will need to keep up with the burgeoning arsenals of cyber criminals, and ordinary citizens will have to learn how best to prepare, protect and insure themselves in case of loss in an increasingly connected world. Grindell’s advice is simple: ‘Before we’re consumed by questions like how to stop bugs and hackers, we should start with the simple thing: cleaning up our digital footprints. That’s the greatest risk.’