Cyber insurance: What is it and what does it cover?

Share
More
Cyber insurance: What is it and what does it cover?

Did the WannaCry cyberattack make you wanna cry? If so, you’re not alone in being fearful after one of the world’s worst cyberattacks. Thankfully, now you can consider cyber insurance to safeguard yourself in the future.

The malicious WannaCry software, known as ransomware, struck thousands of PCs across the globe in May, 2017, just weeks after another attack targeting Google Docs users. As the ransomware name implies, the virus holds your computer "hostage" until you pay ransom in the form of virtual currency. In 2016, Symanetic, a provider of internet security software, detected more than 100 new malware "families" and reported a 36 percent increase in ransomware attacks around the world.

You may have been hit by the WannaCry attack or you may have escaped it. Either way, you might be wondering whether there’s any sort of insurance that could help you rebound from another cyberattack like WannaCry. The short answer is yes.

What is cyber insurance?

In the recent past, so-called cybersecurity insurance has been available mostly to businesses and organizations seeking to protect themselves in case of data breaches and other cyberattacks that jeopardize credit card numbers, Social Security numbers and other private information. Now, insurers increasingly are extending this coverage to individuals like you and me.

"Cybersecurity insurance is a fascinating area that’s still developing," says Mark Nunnikhoven, vice president of cloud research at Trend Micro, a maker of internet security software. "We’re seeing a lot of experimentation and growth for companies in this area, and a market for individuals is starting to emerge."

For individuals, this coverage focuses on bouncing back from identity theft as a result of an at-home cyberattack, according to Nunnikhoven. A cybersecurity insurance policy can reimburse you for various costs — such as legal, financial and technical help — associated with repairing damage caused by identity theft.

Who sells cyber insurance?

One of the providers of cybersecurity insurance for individuals is insurance giant AIG. In April, 2017, the company introduced a product called Family CyberEdge, an extension of the cybersecurity insurance it already offered to businesses and organizations.

AIG sells the Family CyberEdge coverage to wealthy clients and their families. Family CyberEdge helps policyholders who’ve been victimized by cyber threats such as extortion and bullying. Among the expenses eligible for reimbursement under this coverage are data restoration, crisis management and reputation management.

Other companies selling personal cybersecurity insurance include Chubb, Hartford Steam Boiler and PURE.

"As cyber threats become increasingly more sophisticated and intrusive, it is important for homeowners to have access to services and protection that help enhance cybersecurity and that can react when that security fails," Tracie Grella, global head of cyber risk insurance at AIG, says in a news release.

Aside from standalone cybersecurity policies sold by companies like AIG, cybersecurity coverage is available from providers of homeowners insurance. Loretta Worters, a spokeswoman for the Insurance Information Institute, says this coverage typically is added to an existing homeowners insurance policy through what’s known as an "endorsement" or "rider."

Who needs cyber insurance?

This type of coverage is growing in importance as individuals store and access more and more data online, Worters says. According to the Pew Research Center, about two-thirds of Americans have reported experiencing a major data breach, including fraudulent charges on credit cards and threats to personal information.

Worters recommends consulting with your insurer or insurance agent about whether you need cybersecurity insurance and, if so, how much it costs.

In a post she wrote in 2015 for Slate, Josephine Wolff, assistant professor of public policy and computing security at the Rochester Institute of Technology, argued that personal cybersecurity insurance seems "misguided." For one thing, she noted that a smart cybercriminal likely won’t target an individual’s computer, but rather will go after a trove of data kept by retail chains, government agencies and healthcare companies.

While cybersecurity insurance may offer peace of mind, there’s a gray area around when an insurer will provide a payout following a cyberattack, according to Trend Micro’s Nunnikhoven. One question hovering over this kind of coverage: Did the policyholder do enough to prevent a data breach in the first place?

"Unlike an area like automotive or home insurance, there’s simply not enough data or experience dealing with cybersecurity issues to draw clear lines around what’s covered and what isn’t," he says.

This coverage alone won’t prevent a cyberattack, although some plans do offer preventative measures designed to thwart cybercriminals, such as a professional audit of your home-based computing network. Protection against such attacks rests with installing and updating cybersecurity software on your computers and other electronic devices. Cyber insurance helps minimize the damage from a cyberattack, coming into play only after you’ve been victimized.

"Cybersecurity insurance is one tool to help address the reality that no matter how strong your defenses, they’re not 100 percent effective," Nunnikhoven says.