Cybercrime is now a $10.5 trillion-a-year industry, per Cyber Security Ventures. And if you have money, you have a target on your back.
That’s not a scare tactic — it’s the reality Mark Hurley laid out on the latest episode of Quarter Over Quarter, Moran Wealth Management’s flagship podcast. Hurley is the CEO and founder of Digital Privacy Protection (DPP), a firm built specifically to help affluent families protect themselves from cyber threats. He spent seven years researching the problem before launching the company — alongside former West Point classmates who ran Department of Defense cyber programs and worked FBI cyber investigations.
What he shared should prompt every high-net-worth family to take a hard look at their digital exposure.
Why High-Net-Worth Families Are Prime Targets
It’s not random. Cybercriminals are running sophisticated, automated operations — think office buildings in Moscow and Beijing, staffed by analysts whose full-time job is stealing from Western families. They don’t guess. They profile.
“If you’re a high-net-worth family, you have a bullseye on you,” Hurley said. “They’ve woken up to the fact that most people in the United States don’t take steps to protect themselves.”
The reason affluent individuals are disproportionately targeted comes down to surface area:
- More devices — phones, tablets, laptops, smart TVs, all collecting and transmitting data
- More accounts — banking, investment, insurance, estate, real estate
- More digital footprint — public records, professional profiles, social media, property ownership
- More to steal — and more complexity to exploit
Most people assume that wealth held at a major custodian is safe by definition. That assumption is wrong.
Your Bank May Not Reimburse You
This is the detail that stops most people cold.
Hurley described two families who each lost hundreds of thousands of dollars — one from a Bank of America account, one from Chase — after cybercriminals obtained their passwords through unencrypted connections. In both cases, the banks declined to reimburse them. Their reasoning: read your online account agreement.
“Federal deposit insurance is there in case the bank fails. That’s it. Everything else is governed by your online account agreement.”
It’s a clause almost no one reads and almost everyone assumes won’t apply to them — until it does. The banks aren’t being arbitrary. They’re spending billions on their own security infrastructure. The problem, Hurley explained, is that 98–99% of breaches in the wealth management space are launched through the customer, not the institution. The banks know this. Their contracts reflect it.
The Password Problem Is Worse Than You Think
Here’s a number worth sitting with: any eight-digit alphanumeric password — uppercase, lowercase, numbers, symbols — can now be cracked in less than one second using AI-assisted tools.
“If anyone listening has an eight-digit password,” Hurley said, “they’re just going to go.”
The minimum standard for real protection is a 20–25 digit, randomly generated, alphanumeric password, unique to every account. And before you think that’s impossible to manage practically, Hurley addresses it directly in the episode — password managers make this not only possible but surprisingly simple. Facial recognition login, auto-fill, one-tap account access. His clients average north of 70 years old. It works.
The looming challenge: as quantum computing advances, even those standards will shift. Hurley anticipates 50-digit passwords becoming the norm within four to five years.
The Scam That Cost One Family $6 Million
The nature of attacks has shifted dramatically. The old “Nigerian prince” email is not what you’re protecting against anymore.
Today’s most sophisticated threat is psychological — not technical. Criminals research their targets deeply before making contact. They understand the target’s assumptions, fears, relationships, and routines. Then they construct a scenario that fits perfectly within that person’s worldview.
“Even if the person thinks it’s a scam, because everything else is consistent, it’s very, very hard for them to realize it is a scam.”
Hurley described one family that lost $6 million this way. The attackers knew enough about the family’s psychology to make the fraud feel completely coherent. This is what cognitive scientists call exploiting heuristics — the mental shortcuts our brains use to make fast decisions. Sophisticated bad actors have learned to weaponize them.
Voice cloning has made it worse. For roughly $5, someone can clone a voice convincingly enough to defeat voice recognition software. Video deepfakes capable of passing on a Zoom call are documented and accessible. Caller ID spoofing means the number showing up on your screen may say your advisor’s name — and it’s not your advisor.
The Title Fraud Risk Nobody Talks About
Most cybersecurity conversations focus on accounts and passwords. Hurley brought up a threat that catches most families completely off-guard: real estate title fraud.
Roughly 12,000 times a year, someone files fraudulent paperwork with a county assessor’s office claiming to have purchased a property. County offices often don’t have the staff to verify these filings. The deed gets changed. The criminal borrows against it, rents it, or sells it.
Hurley described a client who had a vacant lot in Florida — and someone sold it out from under them.
The protection is straightforward but rarely done: register for filing notifications with every county assessor’s office where you own property. It’s free. Most people have never done it. DPP handles this as part of their full-service offering.
What “Basic Cyber Hygiene” Actually Looks Like
One of Hurley’s former West Point classmates — who ran the Department of Defense’s cyber program — told him that if everyone completed the basic hygiene steps, roughly 96–97% of individual risk would be eliminated. The problem is nobody does it, because nobody has ever systematically walked them through it.
What does it actually involve?
- Device settings — approximately 60 on an Apple device, up to 120 on Windows or Android
- App, browser, and search engine settings — around 900 in total, configured to limit data collection
- Password manager — all accounts migrated to 20–25 digit unique passwords, accessible via facial recognition
- VPN — encrypts internet traffic, preventing credential theft on public or unsecured networks
- Private email
- Dark web monitoring — alerts if your credentials are being sold
- Property title monitoring — county assessor notifications across all properties you own
DPP handles all of it. Two appointments, approximately 45 minutes of client time each. Everything is recorded. No technician can see or copy passwords. The service is available exclusively through select wealth management firms — Moran Wealth Management is one of them.
Cost: approximately $40 per month for most families with multiple devices. Hurley estimates it runs about half of what it would cost to piece together independently.
The Takeaway
Don Drury put it well near the end of the episode: we all know we should eat better. We don’t, until the doctor delivers a hard conversation.
Cybersecurity is the same calculus — with one significant difference. The doctor can usually help after the fact. Bank of America and Chase have already decided they won’t.
“As long as you understand what’s going on, what the risks are, and what the basic steps to take,” Hurley said, “it’s very, very safe to operate online.”
The knowledge is there. The tools are there. The service is there.
Watch or listen to the full episode of Quarter Over Quarter to hear Don, Tom, and Mark work through real client examples, the mechanics of voice cloning attacks, and exactly how DPP sets up a family from scratch.
Moran Wealth Management clients and prospects can access DPP’s exclusive onboarding page at dpripro.com/moran.
Referenced Cyber Security Ventures Report can be found here.