In response to consumers who say they’re “terrified” about identity theft and threats to personal data, cyber insurance coverage for smartphones, computers and connected home devices is being offered by more companies in more places than ever before.
What’s being called “the first personal lines cyber insurance product for consumers in Canada” are among a suite of insurance coverages and related services offering protection for cyber attacks, cyber extortion, online fraud and the breach of personal information.
According to a study conducted for one company selling such coverage, Assurant Inc., when people were asked about their home-based and personal tech connections, more than 60 per cent said they were either “terrified” or “very concerned” about identity theft and cyber attacks.
The study was unveiled at last year’s Consumer Electronics Show, and most observers feel the concerns have only grown since then.
So not surprising that cyber insurance for consumers is one response. Here in Canada, the Boiler Inspection and Insurance Company (BI&I), part of global insurance giant Munich Re, is now offering its Home Cyber Protection bundle to consumers.
“The increasing growth of connected devices and smart home equipment is making homeowners more connected than ever, but also creating opportunities for cyber attackers to steal information, extort money, commit fraud, and damage data and systems,” Derrick Hughes, vice president for BI&I, said when launching the coverage. “Consumers can now access cyber coverages previously available only to businesses.”
Part of the bundle addresses cyber attacks: as described by a company spokesperson, if someone suffers a malware attack that disables their home computer or device, under this plan they would submit an insurance claim for the cost of system restoration and data re-creation. They could take their device to a local professional for data recovery and system restore, and once the device was back to “pre-attack functionality”, they would submit a claim and the coverage would pay the insurable covered costs.
While cyber insurance coverage is a must-have for many businesses, the same protection is not as often considered for individuals. People who use credit cards and bank accounts typically already have some level of cyber security protection from their financial providers.
Online fraud protection, such as that offered by BI&I, can be seen as an add-on to existing protection if needed. As BI&I reports, if elements of its cyber coverage are duplicated under any other policy, then its Home Cyber Protection will apply as excess coverage. For example, if a bank pays up to $5,000, but the total loss is $10,000, Home Cyber Protection will pay the extra $5,000.
(Of course, as BI&I notes, policyholders should refer to the actual insurance contract for all coverages, terms, conditions and exclusions.)
One of the newer threats to any connected device or valuable stash of data is cyber extortion, where a hacker gains control of someone’s computer or connected device and holds it – and the data it contains – for ransom.
Ransomware attacks on corporations and individuals are becoming more frequent, and according to studies, more than a third of those affected ended up paying the ransom. In a three-year period between 2013 and 2016, stealing funds from individuals was a $2.3 billion business.
BI&I’s cyber extortion protection can be used to pay the requested demand and to or pay for the restoration of systems and recovery of data for the device. A claims handler (available during business hours for phone consultations and claim initiation) first qualifies the occurrence, and then conducts what’s called “a warm transfer” to a professional ransom negotiator, providing as much information as possible so the insured can make the best decision possible. If needed, then, the insurer and any other outside experts required, would help with the actual negotiations with the ‘data-napper’ and payment logistics so the insured will pay the demand and the insurer will reimburse.
One of the concerns expressed by tech industry analysts is about the unintended consequences of insurance coverage. If such offerings becomes commonplace, will that send the wrong message to the marketplace? Would the availability of protection lessen efforts taken by an individual or a company to provide for their own cyber security? Does buying insurance reduce the amount of investment into IT systems or personal property protection?
Before you answer, consider the tone of a promotional pitch provided by another company offering cyber insurance in Canada: “Your coverage takes the responsibility off your shoulders …”
Well, the weight on those shoulders might feel a bit lighter with the purchase of additional protection, but surely the cyber responsibility to protect both one’s own personal data and digital devices, and also those of the rest of us, is growing just as surely as the cyber insurance industry itself.
That’s why any good insurer will continue to recommend steps be taken to protect one’s data and devices: anything from simply strengthening your password to using sophisticated password managers that protect, encrypt and automatically update your passwords (sometimes after each and every visit to a website).
As we hear more and more about the rise of cyber risks, there does not appear a corresponding rise in cyber security culture. We seem to overlook or forget or just ignore those basic proactive cyber security steps said to be essential for the overall health and safety of the cyber sphere. Until then, insurance coverage may help cover us.