COVID-19 could boost need for cyber insurance
As the world grapples with the COVID-19 epidemic, cybercriminals are already taking advantage of the panic. Social engineering tactics are being used to target fear and disinformation, for example with spam emails about the virus that contain malware links.
Social media is a lucrative channel for cybercriminals and social media-enabled attacks generate $3.25 billion annually according to a study at the University of Surrey. Online fraud and shopping scams are also popular, with Australia's Cyber Security Centre receiving a report every ten minutes. According to the Reserve Bank of Australia, $574 million of online retail spent in 2018 was fraudulent, with CNP - "card not present" - being the most prevalent type of fraud.
Internet users with lower computer literacy, who are less aware of cyber-crime and more likely to fall for traps and scams - are also least likely to know how to protect themselves. Seniors over 60, who didn't grow up with computers and social media, are the preferred victims of cybercrime against individuals. As a group they lost $649 million to cybercriminals in 2018 according to FBI data.
Even for more experienced users, protection is challenging. There's a bewildering amount of solutions out there. Which one is right for them? What about mobile devices? Should they protect their computer, or the home WiFi network, or both? How much should it cost? Who can be trusted for advice?
The reality is that most individuals don't have adequate protection or knowledge of how to get protection. And even for those that do, there are frequent data breaches beyond their control where their personal information is compromised. While governments around the world are tightening regulations around data, breaches still take place with alarming regularity.
In 2019 alone several billion records were compromised across organisations ranging from major social media platforms (Facebook: 540 million user details exposed) to banks (First American Financial Corp: 885 million transactions and customer records exposed). Even if someone has taken all the right steps, they can still become a victim.
This is why cyber insurance is becoming an increasingly important tool in the cyber defence arsenal. In the same way that no amount of locks and alarms can save a home from every burglary, businesses and individuals need to consider insuring themselves against digital theft.
Cyber-crime insurance also extends to damages beyond the internet. Lost and stolen credit cards, ID cards and passports also result in significant loss to individuals. Identity theft is a fast-growing crime: in 2017 nearly 60 million people were affected by identity theft in the US alone, with the yearly total cost of identity theft at $16 billion. Another $24 billion was lost to credit card fraud. It's not only adults who are affected: child identity theft cost families over $540 million in losses in 2017.
The challenge is that most consumers and businesses don't understand the concept or need for cyber insurance any more than they understand cyber-crime. As Daniel Carr, chief innovation officer and cyber lead at Occam Underwriting, noted at a recent forum, people "understand the harm of the cyber environment but they don't quite know who to blame yet, and that's systemic across every area of society, be that the judicial society, the regulatory environment or the commercial environment."
Service providers can play a key role here. Most telcos are well known and trusted brands that have an established relationship, often of several years duration, with users. In an increasingly competitive telco market, customer experience and offering added value is vital. Security products, including cybersecurity solutions and insurance, are a natural fit in the array of offerings from service providers. Cyber insurance aligns very well with telcos' Internet of Things propositions and their family propositions to have a personal cyber product.
The Internet of Things trend is only going to increase the number of vulnerabilities in homes and offices. Internet-connected smart devices increasingly contain personal data, such as account log-in details to third party services and payment information. Home surveillance systems are being hacked, and as other appliances get connected, they will create further exposure.