A recent webinar brought together experts from Tokyo Marine HCC and IDX DFIR Services to talk about the growing threat of personal cyber risks. The discussion highlighted how cyber threats have evolved from simple identity theft to sophisticated scams involving AI, deepfakes, and social engineering.
The session, titled "From Phishing to Deepfakes, The New Age of Personal Cyber Risk," took place online with Paul Lucas from Insurance Business moderating. Panelists included Kareen Boyadjian and Richard Savage from Tokyo Marine HCC, and Nicholas Kramer and Jamie Tolles from IDX. They shared insights on the rising dangers individuals and families face in today’s digital world.
Kareen Boyadjian discussed how personal cyber threats have changed over the past decade. Identity theft used to be the main concern, but today, scams that trick people into giving away money or information are far more common. Social engineering, where scammers manipulate trust to steal funds, now drives most losses. AI has made these scams more convincing, allowing cybercriminals to send more targeted and believable messages. In fact, impersonation scams make up nearly 30% of fraud losses in 2024, showing just how serious this problem has become.
Richard Savage echoed these points and added that the frequency of these scams is increasing quickly. Phones are now a common target for phishing through fake texts and calls. Scammers often send vague, odd messages aiming to start conversations and build trust. This “numbers game” approach means that even a small percentage of responses can lead to many victims.
Jamie Tolles emphasized that the threats go beyond emails. Text messages, voice phishing (vishing), and account takeovers are all emerging tactics. Attackers use AI to mimic voices for phone scams and target social media or older email accounts that might lack strong security. These techniques help criminals get past basic defenses.
Nicholas Kramer highlighted that as people use more connected devices at home, like routers, vulnerabilities increase. Many devices don’t get timely software updates or have weak security settings, leaving homes open to attacks. He also pointed out that cybercriminals are using tactics from business attacks and applying them to personal accounts. AI tools now allow even less skilled scammers to launch effective cybercrimes.
The panel shared real-life examples to show how damaging these threats can be. Richard Savage described a "pig butchering" scam, where a victim was tricked into investing in fake cryptocurrencies after building a false friendship online. Jamie Tolles recounted a case where a thief used stolen personal data to fake a driver’s license and withdraw thousands from business bank accounts. Nicholas Kramer told of a high-net-worth individual whose personal email was hacked, leading to millions being stolen from his investment accounts.
When discussing how to fight these risks, the experts agreed on the importance of preparedness and knowing where to turn for help. Brokers and agents should update their knowledge to understand current cyber threats better. Advising clients on practical steps like using multi-factor authentication, monitoring privacy settings, and avoiding risky behaviors—such as installing cracked software—is key.
The experts noted that personal cyber insurance is no longer just a nice addition. It’s becoming essential for protecting against the financial fallout of cyber incidents. Coverage should go beyond identity theft to include fraud, phishing, and wire transfer scams. Having access to expert response teams can also help victims recover faster and reduce damage.
Looking ahead, the panel warned that fraud will continue to grow in both frequency and complexity. They urged everyone to stay alert, question suspicious requests, and verify communications carefully. Social media privacy settings and data broker opt-outs could reduce the chances of being targeted. The increasing involvement of nation-state attackers and the ongoing evolution of AI scams mean no one can afford to be complacent.
In response to audience questions, the panel stressed the importance of verifying wire transfers through known contacts and acting quickly if fraud is suspected. They also advised against deleting evidence after an attack, as it hampers investigations. Factory resets could remove some malware but are not foolproof, especially if devices are jailbroken or compromised in other ways. Common signs of identity theft include unexpected multi-factor authentication requests and sudden password reset emails.
The experts agreed that criminals most often target financial accounts first, but emails, social media, and mobile phones can also be entry points. Vigilance, good security habits, and proper insurance coverage are the best defenses.
The webinar served as a reminder that cyber risks affect everyone, not just big companies. Families and individuals need to take these threats seriously, learn about protection measures, and build resilience before an incident happens. With scams becoming more advanced by the day, knowledge and preparedness remain the best tools to stay safe.