Strategy
Your Bodyguard Can't Stop This

Executives and wealthy families are spending record sums on physical security. The attack that will actually harm them is invisible – and almost entirely undefended. The author of this article inspects the details and demonstrates strategies to take matters forward.
The following contributed article comes from Derek Blok (pictured below), who is the founder and chief executive of Invincyble. The organization calls itself a private firm offering confidential white-glove protection and crisis mitigation for high net worth individuals, family offices, and private companies.
Blok wrote an article about lessons from the recent takedown of a major criminal organization engaged in ransomware. (See here.)
Physical and digital threats to individuals and their families are very much in the public eye, as evidenced in this article. The author examines a recent prominent case and the lessons he thinks it holds. The editors are pleased to share this content; the usual editorial disclaimers apply to views of guest writers. Email tom.burroughes@wealthbriefing.com and amanda.cheesley@clearviewpublishing.com
In December 2024, the murder of UnitedHealth Group CEO Brian Thompson outside a midtown Manhattan hotel sent a wave of fear through America’s executive class. Within weeks, threats against corporate leaders surged more than 40 per cent. Security firms reported that they were turning clients away. Allied Universal – the world’s largest security provider – recorded a 1,500 per cent increase in threat assessment requests. A Goldman Sachs survey of 291 companies found that 27 per cent now provide personal security for their CEOs, a 59 per cent jump in two years.
The response was understandable. Visible threats demand visible responses. But I spent over a decade defending the US from cyber threats – including five years as director of Cyber Terrorism and Security in the Defense and Intelligence community. When I left that world, I expected to find that the wealthiest, most high-profile families in America had equivalent protection for their digital lives. They didn’t. Most still don’t. And I need to say this plainly: for most of the executives and families now investing in physical protection, the attack that will actually harm them won’t come from a gunman. It will come from someone at a laptop, thousands of miles away. And no bodyguard will see it coming.
“The most dangerous threat facing wealthy families today doesn’t wear a mask. It sends an email. It makes a phone call. It sounds exactly like someone you trust.”
The numbers don’t lie
The FBI’s 2025 Internet Crime Report – released in
April 2026 – documented $20.9 billion in US cybercrime
losses, a 26 per cent increase over the prior year and the first
time in the IC3’s 25-year history that annual complaints exceeded
one million. Business Email Compromise (BEC), in which criminals
impersonate a trusted contact to redirect a wire transfer,
accounted for $3 billion of those losses. These are not random
attacks. They are precisely targeted operations against the
people with the most to lose.
According to Deloitte’s Family Office Cybersecurity Report, 57 per cent of North American family offices experienced a cyberattack in the preceding 24 months. Among offices managing over $1 billion in assets, the figure reaches 62 per cent. Half were struck three or more times.
The median annual security spend per executive at S&P; 500 companies is $75,000, according to the Conference Board. The average cost of a single data breach reached $4.88 million in 2024, per IBM. The disparity is not sustainable.
A weapon that didn’t exist five years ago
What has changed the calculus entirely is artificial
intelligence. Voice deepfakes surged 680 per cent year-over-year
in 2024. Deepfake fraud attempts rose more than 1,300 per cent in
the same period, climbing from roughly one attempt per month to
seven per day in financial contact centers, according to
Pindrop’s 2025 Voice Intelligence Report. The Deloitte
Center for Financial Services projects AI-driven fraud will reach
$40 billion in the US by 2027.
Here is how it works in practice. An attacker harvests audio of a family’s CFO from a podcast or conference recording. Using tools available to anyone online, they clone that voice. Then they call the estate manager on a Saturday morning – urgent tone, plausible story, wire transfer instructions to a controlled account. The voice is indistinguishable from the real one. By the time anyone realizes it, the money is gone.
This is not theoretical. In February 2024, a finance worker at global engineering firm Arup wired $25 million to fraudsters after participating in a video call in which every other participant – including his CFO – was a deepfake. That attack hit a corporation. The same technology is now being deployed against private families, where the defenses are far thinner and the response time far slower.
The gap no one is protecting
The structural problem is this: enterprise cybersecurity protects
the institutional perimeter – the office servers, the
trading platforms, the business email systems. It was never
designed to protect the principal’s personal iPhone, home Wi-Fi
network, household staff laptops, or the family group chat where
someone just posted the summer travel itinerary.
That unprotected personal digital ecosystem is now the attack surface sophisticated adversaries exploit most aggressively. Data brokers – legal companies that aggregate and sell personal information – maintain detailed profiles on high net worth individuals available to anyone willing to pay. A motivated criminal can purchase home addresses, vehicle registrations, travel patterns, and family member details in under an hour. The same data that enables targeted financial fraud also enables physical surveillance. The digital and physical threat landscapes are no longer separate. They feed each other.
“A family that has invested millions in physical security but neglected their digital life has published an operational manual for anyone who wants to cause them harm.”
What protection actually requires
This problem is solvable – but not with the same tools used
to secure corporate IT. Protecting a UHNW family requires
reducing their digital footprint across data broker databases;
hardening personal devices and home networks outside any
enterprise perimeter; implementing out-of-band verification
protocols for financial instructions that cannot be spoofed by a
cloned voice; continuous dark web monitoring for mentions of the
family’s name or credentials; and a pre-planned incident response
protocol that enables rapid action when a breach occurs.
The FBI’s Financial Fraud Kill Chain froze $679 million in fraudulent transfers in 2025 – but only when victims acted within hours. Speed requires preparation, and preparation requires a plan that exists before the call comes.
The murder of Brian Thompson was a tragedy. The physical security response it triggered is, for many, long overdue. But if the only lesson we take from this moment is that we need more bodyguards and bigger fences, we will have missed the more immediate threat hiding in plain sight.
Your bodyguard is essential. But he cannot intercept a wire transfer. He cannot stop a deepfake voice from calling your bank. He cannot remove your home address from a data broker’s database. That requires a different kind of protection – one built for the world we actually live in, not the one our instincts have prepared us for.
About the author
Derek Blok is founder and chief executive of Invincyble LLC &
Hackerly FE. Blok is an ethical hacker and former Director
of Cyber Terrorism and Security in the US defence and
Intelligence community. He is the founder and CEO of two
cybersecurity companies: Invincyble LLC, a private firm offering
confidential, white-glove cybersecurity protection and crisis
mitigation for high net worth individuals, family offices, and
private companies; and HackerLyfe, an A+ government contracting
company serving the defense industry.

Derek Blok
Sources
– FBI Internet Crime Complaint Center (IC3) – 2025
Internet Crime Report, April 2026;
– Deloitte Private – Family Office Cybersecurity
Report 2024;
– Deloitte Center for Financial Services – Generative AI
Fraud Projection, 2025;
– Goldman Sachs – 2025 Executive Security Survey
(291 companies);
– Allied Universal – World Security Report,
September 2025;
– Pindrop – 2025 Voice Intelligence & Security
Report;
– IBM –Cost of a Data Breach Report 2024;
– The Conference Board – Rising Risks, Rising Costs: US
Public Companies Spending More on CEO Security, 2025;
and
– Financial Times – Arup deepfake wire fraud
incident, February 2024