You've likely only seen cybercrime insurance primarily mentioned in relation to attacks on businesses. Most commonly, it’s cited with regard to ransomware attacks in the workplace, or associated data loss. Some folks think the mere presence of insurance simply encourages more attacks, and is hurting more than it's helping. Now we have another string to the bow to consider. Personal insurance plans are slowly becoming a more visibleand talked about topic.
A brave new world, or same-old same-old?
I'm fascinated to see talk of personal cyber insurance, in an area dominated by business.
The plans referenced in the article are for people seeking cyber insurance in India. It provides personal cover in a manner somewhat similar to contents insurance for the items in your home. The major difference is losing your digital items due to online shenanigans, as opposed spilling orange juice on your TV.
Premiums are based on how much you have to lose, and tailoring types of cybercrime to your package needs. If you make a lot of financial transactions online, that’ll bump the cost of the plan up too.
A transactional offering
Some of the exclusions listed are fairly eye-catching. For example, you’ll pay a higher premium the more online transactions you engage in. Despite this, losses incurred through cryptocurrency aren't included which could be a deal breaker for many people. The Indian Government has floated the idea of banning cryptocurrencyon at least one occasion, but eventually moved to a less aggressive regulatory approachat the end of 2021.
While it makes sense that insurers will be cautious around such rapidly changing stances, it's no real consolation to cryptocurrency fans.
Some cyber threats listed may not have realistic or obtainable legal solutions in some countries, but they will in others. For people not in the latter group, an additional insurance safety blanket might be very useful.
A helping hand against online stalking
There's some solid defence against people harassing others online in the policy types mentioned. For example, expenses are covered to prosecute people found to be stalking/bullying you online. So far, so good.
This same cover which provides legal fees to prosecute stalkers alsoprovides the insured with costs against invasion of privacy.
So many examples of cyber insurance only ever focus on the technical aspects of online crime, or ransomware backups. It's nice to see a more human aspect working its way into the mix. In some countries, the rules are fairly stacked against people and aren't necessarily conducive to tackling online harassment. Knowing there's a bit of backup to help with this kind of situation may itself make harassers think twice.
From add-on to standalone
Seeing cyber insurance as a standalone package for individuals is rather novel. In the UK at least, most—if not all—cyber offerings I’ve seen are add-on packages to regular insurance policies. For example, one major insurer offers it across all their insurance tiers and it covers the usual issues like ransom, fraud, restoration of systems, defamation and so on. Unlike the India-centric policy above, identity theft is included by default in regular, non-cyber packages.
The standalone offerings I’ve seen usually ask you to contact them to arrange a premium, as opposed to having a default one-size-fits all price. Some include monitoring customer data for breaches, including issuing alerts when necessary. Others seem to fall into more traditional areas of cover, offering to replace or repair damaged devices and recover data.
I’ve seen a few offer 24/7 cyber-helplines, credit reports, and “ransom monies” made available in ransomware cases. Some insurers have grey areas related to working from home, or just flat out refuse to cover it. All this, without the added complexity of business insurance and the question of whether it’s right to pay out to ransomware authorsin the first place.
Drawing insurance lines in the sand
It’s a bit of a tumultuous time for insurers in the digital realm as they try to define what, exactly, is or isn’t up for coverage. Real world insurers use act of God policies, not covered by insurance. Cyber insurers are quickly coming up with their own non-coverable issues.
Then there's the thorny problem of insurance companies themselves being juicy targets for attackers. I'm fairly certain they don’t have to look for decent cyber insurance quotes from competitors themselves. It’s still a very odd thing to think about in an industry still figuring out its role where rogues costing their customers money don’t play by the rules.