Industry Expertise | The Overlooked Attack Vector: Executives’ Personal Data

“Industry Expertise” is sponsored content produced by AFSA’s Business Partners’ to provide thought leadership and best practices for AFSA member companies. For more information about this sponsored content opportunity, contact Dan Bucherer.

The Overlooked Attack Vector: Executives’ Personal Data

Recent research found that 42% of executives or their family members experienced a serious cyberattack in the past two years.

According to the Security Executive Council’s Executive Targeting Report, incident levels have reached their highest point on record in 2025, with 85% of those reports including assaults, kidnappings, inappropriate attention, and protest-related actions. And while companies often invest in cybersecurity protections and in-office physical security, they still often overlook one important vulnerability—their executives’ personal information.

Where executive data is found
In a recent Incogni study, three in four board members that researchers investigated had exposed data on people-search sites. Listings often included home addresses, relatives, and other sensitive personal details.

This type of information can be used for:

Impersonation attacks. Personal details help criminals craft convincing messages while posing as an executive.
Targeted ransomware and phishing. Attackers use personal context to pressure employees into bypassing security procedures.
Harassment and intimidation. Publicly available home addresses make it easier to target executives and their families.
Coercion using family routines. Information about relatives, schools, or daily activities can be used to threaten or pressure executives.
Physical targeting. Location and lifestyle details can reveal when an executive is most vulnerable outside the office.

Reducing executive data exposure
Reducing the public availability of executive data is becoming an important part of modern corporate risk management.

Organizations can start by auditing what personal information about leadership is publicly accessible online and removing listings from data broker and people-search sites. Monitoring for impersonation attempts and training executives on digital safety can also significantly reduce risk. Many financial institutions are also turning to executive protection and privacy programs that continuously monitor and remove sensitive personal information from the internet.

To learn more about how these protections work, you can explore Ironwall’s executive protection approach or email Maria Khan at maria.khan@surfsharkteam.com.

Ironwall transforms the digital bodyguard concept into a comprehensive, actionable solution. By combining prevention, monitoring, and emergency response, Ironwall ensures that executives are protected both online and offline, reducing risk before threats escalate into the physical world. In 2024 Ironwall partnered with Nord Security to enhance our data protection services and offer even more advanced security tools to our clients. With our proprietary search and removal software supported by a team of trained security professionals, we remove over five million pieces of personal information from the internet every week.

March 18th, 2026