Does Cyber Insurance Cover My Interconnected Home? And Other Questions
In mid-2016, a division of the insurance giant, Munich Re, began to offer cyber protection insurance to consumers. As more cyber insurance carriers extend their coverage from companies to consumers, those consumers are putting those policies under a microscope to understand their benefits and how they might protect consumers from typical cyber security risks. Some of the more frequently asked questions and responses are as follows:
1. Does cyber insurance cover risks associated with interconnected homes?
As more homes install Internet of Things (“IoT”) devices, they create more opportunities for hackers to access home-based networks and to launch attacks from those networks. Munich Re’s policy will restore devices damaged by hacks. Whether a personal cyber policy covers corollary or third-party damage related to a hack of an interconnected home will depend on the specific policy.
2. Will personal cyber insurance cover bank account or credit card losses?
Banks and credit card issuers typically carry coverage that protects clients from fraud-related losses, and individuals generally do not need extra insurance for those risks. Brokerage and investment accounts, however, might not be covered. Individuals need to discuss this matter directly with their investment advisors and insurance carriers.
3. Does my cyber security policy cover identity theft?
Identity theft may be covered, either with a specific cyber insurance policy or with a separate endorsement on an individual’s homeowner’s policy. Almost half of all identity theft cases start with the theft of an individual’s laptop, memory stick, or portable electronic device that includes personal information. Cyber insurance may cover losses associated with the theft of an individual’s liability up to the coverage limits of a specific policy.
4. Will personal cyber insurance cover my business’s intellectual property losses?
Executives and entrepreneurs who work from home or other offices that are remote from a central business location might retain sensitive business information on a personal or home-based network. If that information is lost or stolen, the value of that business loss can easily exceed losses connected to theft of sensitive personal information. To the extent that business information is owned by a company, a business cybersecurity insurance is a better source of protection against corporate intellectual property losses. Home-based employees should check with their employer’s cyber insurance carriers to confirm that the insurance does extend to cyberattacks on a remote or personal network.
5. Does cyber insurance protect me against ransomware threats?
In a typical ransomware attack, a hacker will disable a corporate information system until the victim remits a ransom demand, usually in the form of a cryptocurrency like Bitcoin. Individuals are perceived to be less susceptible to ransomware, as it is less likely that they have the depth of information to make ransomware attacks viable or the financial resources to pay the ransom demand. Nonetheless, the individual cyber insurance policy offered by Munich Re’s subsidiary, The Hartford Steam Boiler Inspection and Insurance Company (HSB), does cover cyber extortion that provides victim assistance and payment of the ransom demand upon HSB’s approval. HSB’s policy also covers routine individual cyber threats, such as malware, attacks on and damage to internet-connected devices, and damage from phishing schemes and other online fraud.
6. What other information do individuals need to know regarding personal cyber security insurance?
Individual cyber insurance coverage is currently in its developmental stage. Insurance companies do not have good data to understand how individuals can or should protect their own information systems, and that lack of data impairs an insurer’s ability to assess risks. Rather than providing global cyber security insurance to individuals, insurers are offering alternatives, such as Pure Insurance’s auditing and monitoring services that audit home networks for intrusions and assess how cybercriminals might use an individual’s personal information. At present, the cost of these services is likely beyond the budgets of all but those few individuals who maintain very robust and information-rich home computer networks.
In the short run, insurers are more likely to focus on the corporate market for cyber insurance protection. As they gain a better understanding of individual cyber risks, insurers can be expected to pay more attention to the individual cyber insurance marketplace.