2017 was one of the worst years for hacking on record. We’ve seen reports of unsolicited miner-ware installations generating millions of dollars worth of Monero, Coincheck‘s breach result in close to half a billion dollars in losses, ICO phishing scams, and much more. This cycle has repeated itself ever since Mt. Gox was breached in 2011. As anyone who follows the news knows, this trend is not exclusive to the crypto world. One journalist declared “2017 Was The Year of Hacks.” before predicting 2018 would get worse.
This trend has led to the emergence of cyber insurance. In 2017 cyber insurance became the fastest growing type of insurance in the United States experiencing unprecedented growth in the double-digit percentages per year, in what was already a billion dollar market. This growth, combined with what are comparably large premiums has led to an insurance gold rush in the area.
As with most other things related to crypto, the cyber insurers’ potential addition of blockchain has created tons of buzz. We’ve previously reported on Mitsui Sumitomo Insurance’s rollout of a small scale crypto insurance product in Japan. On a larger scale, we’ve also discussed Coinbases’ massive policy with Lloyds of London that covers the 2% of coins, which are not kept in “cold storage”. These policies are certainly the tip of what is becoming a fast-growing iceberg.
An Expansion of Cyberinsurance
With all the insurance blockchain plays currently being launched, including one by insurance giant AIG, it’s a bit surprising how old-fashioned the crypto insurance market is. I have confidence an ICO or two will shake it up soon. In the meantime, the crypto insurance market seems to be almost an exact replica of the cyber insurance market. In 2016 AIG, Chubb and XL Group were reported as leading the Cyber insurance market. Today, AIG has already said they’ve underwritten a few policies as part of an “exploratory phase” of what could be a much larger roll out. XL Caitlin and Chubb are also already selling crypto insurance.
Much like cyber insurance, the crypto insurance market needs time to mature. More importantly, insurance providers need data to refine their underwriting models over the next few years. It’s certainly going to be a long process and much like cyber insurance, it all starts with risk assessments. Companies will have to undergo months of due diligence including extensive infrastructure reviews, third and (possibly) fourth party vendor security audits, and take expensive steps to ensure compliance with regulations surrounding data governance.
Despite some of these policies being sold now, questions remain. For one, classic cyber insurance policies rely on the stability of fiat currency. If there’s a $100 million stolen in a breach (excluding somewhat predictable legal fees, investigations…) the maximum amount the insurance company can pay out is $100 million. If, however, Bitcoin was insured in January of 2016, insurance companies would have to deal with price increases in the thousands of percent. To address this, many insurance companies will insure based on value regardless of price fluctuations (in the case of gold, for instance). The constant readjustments can lead to dramatic fluctuations in premiums that can prove intolerable to insurance underwriters and their customers alike.
Another issue, in both cyber insurance and cryptoinsurance, is that of phishing scams. If an attackon a companies DNS leads to cryptocurrency being sent to the wrong wallet, is the insurance company still liable? Shouldn’t the customer have checked the SSL certificate to verify the identity of the server? All of these questions are being answered in cyber insurance and will have to be answered independently by the crypto insurance markets. Especially in light of the recent astronomic rise of phishing scams targeting crypto investors.
Despite the risk, insurance companies seem to be getting into this industry. Crypto insurance is likely to form an increasingly large part of the crypto insurance market. Its growth has been and will continue to be exacerbated by frequent hacks. It’ll be exciting to see where this industry ends up.