Print this article
Your Bodyguard Can't Stop This
Derek Blok
13 July 2026
The following contributed article comes from Derek Blok , who is the founder and chief executive of Invincyble. The organization calls itself a private firm offering confidential white-glove protection and crisis mitigation for high net worth individuals, family offices, and private companies. Sources
Blok wrote an article about lessons from the recent takedown of a major criminal organization engaged in ransomware.
Physical and digital threats to individuals and their families are very much in the public eye, as evidenced in this article. The author examines a recent prominent case and the lessons he thinks it holds. The editors are pleased to share this content; the usual editorial disclaimers apply to views of guest writers. Email tom.burroughes@wealthbriefing.com and amanda.cheesley@clearviewpublishing.com
In December 2024, the murder of UnitedHealth Group CEO Brian Thompson outside a midtown Manhattan hotel sent a wave of fear through America’s executive class. Within weeks, threats against corporate leaders surged more than 40 per cent. Security firms reported that they were turning clients away. Allied Universal – the world’s largest security provider – recorded a 1,500 per cent increase in threat assessment requests. A Goldman Sachs survey of 291 companies found that 27 per cent now provide personal security for their CEOs, a 59 per cent jump in two years.
The response was understandable. Visible threats demand visible responses. But I spent over a decade defending the US from cyber threats – including five years as director of Cyber Terrorism and Security in the Defense and Intelligence community. When I left that world, I expected to find that the wealthiest, most high-profile families in America had equivalent protection for their digital lives. They didn’t. Most still don’t. And I need to say this plainly: for most of the executives and families now investing in physical protection, the attack that will actually harm them won’t come from a gunman. It will come from someone at a laptop, thousands of miles away. And no bodyguard will see it coming.
“The most dangerous threat facing wealthy families today doesn’t wear a mask. It sends an email. It makes a phone call. It sounds exactly like someone you trust.”
The numbers don’t lie
The FBI’s 2025 Internet Crime Report – released in April 2026 – documented $20.9 billion in US cybercrime losses, a 26 per cent increase over the prior year and the first time in the IC3’s 25-year history that annual complaints exceeded one million. Business Email Compromise , in which criminals impersonate a trusted contact to redirect a wire transfer, accounted for $3 billion of those losses. These are not random attacks. They are precisely targeted operations against the people with the most to lose.
According to Deloitte’s Family Office Cybersecurity Report, 57 per cent of North American family offices experienced a cyberattack in the preceding 24 months. Among offices managing over $1 billion in assets, the figure reaches 62 per cent. Half were struck three or more times.
The median annual security spend per executive at S&P; 500 companies is $75,000, according to the Conference Board. The average cost of a single data breach reached $4.88 million in 2024, per IBM. The disparity is not sustainable.
A weapon that didn’t exist five years ago
What has changed the calculus entirely is artificial intelligence. Voice deepfakes surged 680 per cent year-over-year in 2024. Deepfake fraud attempts rose more than 1,300 per cent in the same period, climbing from roughly one attempt per month to seven per day in financial contact centers, according to Pindrop’s 2025 Voice Intelligence Report. The Deloitte Center for Financial Services projects AI-driven fraud will reach $40 billion in the US by 2027.
Here is how it works in practice. An attacker harvests audio of a family’s CFO from a podcast or conference recording. Using tools available to anyone online, they clone that voice. Then they call the estate manager on a Saturday morning – urgent tone, plausible story, wire transfer instructions to a controlled account. The voice is indistinguishable from the real one. By the time anyone realizes it, the money is gone.
This is not theoretical. In February 2024, a finance worker at global engineering firm Arup wired $25 million to fraudsters after participating in a video call in which every other participant – including his CFO – was a deepfake. That attack hit a corporation. The same technology is now being deployed against private families, where the defenses are far thinner and the response time far slower.
The gap no one is protecting
The structural problem is this: enterprise cybersecurity protects the institutional perimeter – the office servers, the trading platforms, the business email systems. It was never designed to protect the principal’s personal iPhone, home Wi-Fi network, household staff laptops, or the family group chat where someone just posted the summer travel itinerary.
That unprotected personal digital ecosystem is now the attack surface sophisticated adversaries exploit most aggressively. Data brokers – legal companies that aggregate and sell personal information – maintain detailed profiles on high net worth individuals available to anyone willing to pay. A motivated criminal can purchase home addresses, vehicle registrations, travel patterns, and family member details in under an hour. The same data that enables targeted financial fraud also enables physical surveillance. The digital and physical threat landscapes are no longer separate. They feed each other.
“A family that has invested millions in physical security but neglected their digital life has published an operational manual for anyone who wants to cause them harm.”
What protection actually requires
This problem is solvable – but not with the same tools used to secure corporate IT. Protecting a UHNW family requires reducing their digital footprint across data broker databases; hardening personal devices and home networks outside any enterprise perimeter; implementing out-of-band verification protocols for financial instructions that cannot be spoofed by a cloned voice; continuous dark web monitoring for mentions of the family’s name or credentials; and a pre-planned incident response protocol that enables rapid action when a breach occurs.
The FBI’s Financial Fraud Kill Chain froze $679 million in fraudulent transfers in 2025 – but only when victims acted within hours. Speed requires preparation, and preparation requires a plan that exists before the call comes.
The murder of Brian Thompson was a tragedy. The physical security response it triggered is, for many, long overdue. But if the only lesson we take from this moment is that we need more bodyguards and bigger fences, we will have missed the more immediate threat hiding in plain sight.
Your bodyguard is essential. But he cannot intercept a wire transfer. He cannot stop a deepfake voice from calling your bank. He cannot remove your home address from a data broker’s database. That requires a different kind of protection – one built for the world we actually live in, not the one our instincts have prepared us for.
About the author
Derek Blok is founder and chief executive of Invincyble LLC & Hackerly FE. Blok is an ethical hacker and former Director of Cyber Terrorism and Security in the US defence and Intelligence community. He is the founder and CEO of two cybersecurity companies: Invincyble LLC, a private firm offering confidential, white-glove cybersecurity protection and crisis mitigation for high net worth individuals, family offices, and private companies; and HackerLyfe, an A+ government contracting company serving the defense industry. 
Derek Blok
– FBI Internet Crime Complaint Center – 2025 Internet Crime Report, April 2026;
– Deloitte Private – Family Office Cybersecurity Report 2024;
– Deloitte Center for Financial Services – Generative AI Fraud Projection, 2025;
– Goldman Sachs – 2025 Executive Security Survey ;
– Allied Universal – World Security Report, September 2025;
– Pindrop – 2025 Voice Intelligence & Security Report;
– IBM –Cost of a Data Breach Report 2024;
– The Conference Board – Rising Risks, Rising Costs: US Public Companies Spending More on CEO Security, 2025; and
– Financial Times – Arup deepfake wire fraud incident, February 2024