UnitedHealthcare CEO Brian Thompson's murder sent a chill through corporate America, not just due to his tragic and violent death, but also because of the equally shocking public sympathy for the accused killer. Disturbingly, denied insurance claims have been identified by many in the public as reasonable justification. Now, only months later, the massive wildfires in Los Angeles County could set the stage for a new raft of violence.
The UnitedHealthcare incident presented corporate security teams with a worst-case scenario arising from one of the corporate world's most uncontrolled risks: unmanaged executive digital footprints. Cars, offices and homes aren't the only things that need to be secured — the digital exposure of personal information for insurance executives and claims adjusters is an urgent but easily addressed risk.
Public anger and frustration can spike in the aftermath of events like the California wildfires if policyholders feel claims decisions are unfair. Disinformation, fraud, slander, libel and even impersonation can proliferate quickly, and digital exposures endanger individual reputations, executives and their families' safety, and corporate assets. Threats that start online can quickly arrive at an executive's front door.
Here are eight ways an executive's digital footprint can pose serious risks:
1. Personally Identifiable Information (PII) leakage on data brokers
Over 93% of executives have a current or former home address visible via a data broker, with an average of more than 11 data brokers per executive. Not only is this personal information available, but it is very likely available on the first page of Google search results or via a simple ChatGPT query. Data broker information ends up on the web typically through no fault of the executive — the data brokers themselves are a form of bad actors — profiting from the PII of others without regard for privacy or security.
2. Pattern of life exposure & location tracking
Unlike data brokers, which appear online through no fault of an executive, some executives and their family members inadvertently post personal details
When combined with data brokers or other public information, this type of information can create a literal map of the daily routine of an executive, which could be used to stalk, harass, intimidate, or extort an executive and their family outside of the office.
For well-motivated and resourced threat actors, it is possible to leverage pattern-of-life information, such as a mobile phone number, to track an executive's location in near real-time without knowledge or consent.
3. Extortion & harassment
Cybercriminals harvest and sell personal information on the dark web and use it for extortion and identity theft. Once attackers obtain sensitive personal details, they can threaten to publish the information on social media, dark web marketplaces, or other public forums if their demands are not met. If the leaked PII includes particularly private or embarrassing information, attackers can weaponize it to pressure victims into paying money or fulfilling certain demands.
4. Password reuse and theft
One particularly pernicious aspect of the data brokers and pattern-of-life information is that it provides an increased attack surface for cyber criminals who are interested in finding prized, C-suite credentials. Since a full 94% of C-Suite executives have an exposed cleartext (human-readable) password, with an average of 4.3 passwords exposed per executive, the scale of this problem impacts nearly every executive. To make matters worse, our data indicates that executives often reuse passwords, making it even easier to leverage the same stolen passwords across multiple websites, applications, or systems, posing a significant security risk for the individual and organization.
While most security teams are wise to tracking and blocking exposure for a work identity, few have the capability to track, monitor, and block exposed passwords from personal or former (or other) work accounts. Our data indicates that 84% of exposed passwords originate from a non-work email, which means that the majority of security teams have a blind spot for this risk.
5. Business email compromise, impersonation and CEO fraud
Once attackers have an executive's credentials, they can impersonate that individual in email exchanges. If someone requests urgent fund transfers from a co-worker, unsuspecting employees may comply, leading to serious financial and legal ramifications. Cybercriminals use phone calls, text messages and even social media to pose as executives.
6. Deepfake and synthetic media manipulation
A deepfake is a type of synthetic media — such as video, audio or images — created or altered using artificial intelligence and machine learning techniques to appear genuine. It often involves superimposing or seamlessly swapping identities so convincingly that it becomes difficult to distinguish manipulated content from real footage or recordings. Deepfakes can be used for entertainment, satire or film production, but they also carry risks like impersonation, spreading disinformation or blackmail. Artifacts like photos and videos left open to the public web can be used as raw material for faked content.
Deepfakes are most effective when they leverage information exposed from data brokers and pattern-of-life information. For example, an executive's voice can be deepfaked in a call to a colleague that references a public social media post such as a conference or similar event where the executive is traveling. To make such a deepfake even more effective, an attacker can easily spoof the executive's private mobile number, making it difficult to detect even for the most savvy security-minded executive.
7. Social engineering attacks involving family members
Threat actors often target family members, who may not maintain strict privacy settings or robust security practices. They are often more active on social media and can unwittingly divulge personal or business-related information that criminals can exploit for blackmail or to panic a fraud victim.
8. Disinformation campaigns and brand attacks
Coordinated online efforts using digital footprints and artifacts can spread misinformation about coverage decisions or claim denials. Even if later disproven, rumors can damage an organization's reputation and undermine trust in its leaders. During high-profile events like the California wildfires, coverage decisions supposedly made by insurance executives can become fodder for online mobs seeking to expose or harass industry leaders. These can take the form of written content, or more troubling, video content leveraging deepfake technologies that give the fake content more realism.
What insurance IT departments can do
Insurers must assess executives' digital footprints to gauge corporate risk accurately. Enterprise-grade executive protection software solutions that measure and remediate digital exposure for high-profile individuals are essential.
These enterprise-grade platforms not only proactively discover and immediately remediate exposed PII in data brokers, public web, deep web, social media, and the dark web, but they also have critical tie-ins to traditional enterprise security technology suites such as SIEM, SOAR, EDR, and email security.
Safeguarding casualty insurance executives requires a tech-driven, proactive approach. As recent tragedies show, digital threats can escalate into real-world danger. Investing in enterprise-grade, specialized protection minimizes risk, ensuring leadership safety and corporate stability.
