White Paper Personal Cyber Insurance: Protecting Our .

2y ago
21 Views
2 Downloads
1.73 MB
20 Pages
Last View : 17d ago
Last Download : 2m ago
Upload by : Francisco Tran
Transcription

White paperPersonal cyber insurance:Protecting our digital lives

Technology comes withhuge advantages foreveryday life, but peopleshould be aware that itcomes also with significantrisks.Insurance has an importantrole to play in protectingcustomers against cyberthreats.We’re smarter together

IntroductionAs our lives become more digital, so do the risksIt is often said that smartphones are more powerful than the computers used in theNASA 1969 Moon landing mission. The 2KB memory of the Apollo 11’s guidancesystem is tiny compared to today’s Apple or Android handsets.When coupled with always-on internet access, these devices open up a world ofpossibilities – but many consumers never give their sophistication a second thought.Technology has become so ubiquitous, it is hard to live without it. It comes withhuge advantages, but also risks – and there is an increasing role for insurers to playin protecting customers in the face of cyber threats.Besides being able to shop whenever and wherever, as well as stream moviesand music, the digitisation of the personal space has many other, more tangible,benefits too.Globally, more than three quarters (76%) of account-owning adults make digitalpayments and rely on online banking to meet other day-to-day financial needs, suchas checking balances 1.For millions of people in emerging markets, managing money via a mobile phone hasbecome a lifeline. It has made it possible to send money to friends and familythousands of miles away or make payments for business transactions. These andmany other everyday activities would be practically impossible for many peopleliving in remote parts of the world, hundreds of miles away from the nearest bank.Rapid advances in technology are enabling new services all the time. Smartdoorbells let you see who is at your doorstep via an app on your phone. Smartheating and lighting controls let you change the temperature and switch lights on oroff remotely. And smart energy metres help you monitor your energy usage andcosts in real-time.All such devices are part of the Internet of Things (IoT), meaning they are connectedto and send information via the internet, enabling them to be controlled by phone,tablet, or PC.By 2023, a typical UK home is expected to contain as many as 50 different IoTconnected devices, including games consoles, TVs and set-top boxes, securitysystems, baby monitors and white goods such as smart fridges 2. More than halfof the world’s households (53.6%) are already connected to the internet 3. In thedeveloped world, it is even higher – 84.4%. In 2012, that figure was just 37.9%.Added to which, the number of smartphones in use is predicted to hit 3.8 billionby 20214.It may feel like we already live in an interconnected world. But the reality is we arestill only in the early days of this new wave of expanded digitisation. There will be anabundance of opportunities to come, but that will also mean a greater need for riskawareness and mitigation.1 orbes: Technology Is Delivering Better Access To Financial Services. Here’s m/2018/04/21/global-findexfindings/#5124c85b1fa02 Total Telecom: EE: Average UK Smart Home will have 50 connected devices by -Smart-Home-will-have-50-connected-devicesby-20233 ICT: Facts and Figures nts/facts/ICTFactsFigures2017.pdf4 Newzoo: Global mobile market report zoo 2018 Global Mobile Market Report Free.pdf?submissionGuid 95946481-bfac-478b-bfe5-672a48f72385Swiss Re Personal cyber insurance 1

Cyber riskshave realrepercussionsfor individualsEmerging cyber risks for individualsThere is always an element of risk in all everyday online activities. But the mannerin which individuals conduct themselves online can determine whether they exposethem to active threats. That might relate to storing credit card details on a retailer’swebsite or sharing sensitive personal data via an unprotected wireless network, ornonencrypted websites.But in our increasingly connected world, the risk does not stop just because youswitch off your computer or put down your smartphone. It has been predicted thatby 2030 there will be around 125 billion IoT devices globally5, which representsa huge potential for cyberattacks.The chances of your smart doorbell or connected fridge being targeted by hackersare relatively slim. However, the more commonplace devices like these are, thegreater the inherent risk becomes too. Partly, this could be down to a lack ofawareness and understanding of what smart devices are and how they function –does everyone with a connected device stop to think about how secure or otherwisethat might be?In recent years, the phenomenon of ransomware6 has become a particularly highprofile cyberthreat. Such attacks follow a broadly similar pattern, whereby a websiteor other online system will be taken over by an attacker who locks the legitimateowner out and demands a ransom. Although it is typically attacks on businessesthat have made the headlines, anyone can be a ransomware target.5 IS Markit: Number of Connected IoT Devices Will Surge to 125 Billion by 030-ihs-markit-says6 Sophos: After SamSam, Ryuk shows targeted ransomware is still ill-evolving/2Swiss Re Personal cyber insurance

There are other attacks that target individuals more specifically, and which can haveprofound and distressing consequences.If a person’s bank details are compromised or stolen it can be the start of a series ofproblems that go far beyond unlawful withdrawal of funds: identity theft. In additionto possibly clearing your accounts out, crooks may use your personal informationto open bank accounts or take out loans in your name. While fraudsters abscondwith their ill-gotten gains, the individual whose identity has been cloned will be leftwith the fallout. Frequently this will involve payment default notices and a damagedcredit record all of which may only come to light several months after the fraudwas perpetrated.The emotional and psychological harm of falling victim to identity theft can beprofound and is not the only example of how our digital lives can start to impact onour overall wellbeing. Cyberbullying and stalking have become all too common partsof everyday life for far too many people, with more than half of US teenagers sayingthey have been bullied or harassed online7.From identity theft, to hacking of subscription services and IoT home devices, the listof cyber risks people, and not just organisations, are facing is growing all the time asthe cyber threat landscape metastasizes rapidly.Cyber risks have real repercussions for individuals978 mn59%consumers attackedin 20178172 bnUSD stolen in 20178of US teenagershave been cyberbullied71.12 bnidentities stolen in 2016923.6hours spent or almost 3 workingdays dealing with the aftermathof a cyberattack87 Pew Research: Majority of Teens Have Experienced Some Form of cyberbullying/8 Symantec: Norton Cyber Security Insights Report 20179 Symantec: Internet Security Threat Report iss Re Personal cyber insurance 3

IntroductionHow consumers can respond to these threatsThere are steps every individual can take to protect themselves from these risks.Taking responsibility for one’s personal cybersecurity and learning good habitsare critical first steps, as are:̤̤ Using unique passwords for every account and choosing passwordsthat are difficult to guess̤̤ Having up-to-date security software as well as running automatedsoftware updates̤̤ Ensuring home IoT devices have security in place̤̤ Banking and shopping via websites with extra security in place like‘https://’̤̤ Only opening email attachments if they come from recognised contacts,and never giving out personal information, logins or passwords inresponse to emails purporting to come from banks or other organisations̤̤ Regularly backing up valuable data like work files, music, photos andstoring it safelyPersonal cyber hygiene practicesfor individualsThere are several useful resources with informationand tips and tricks on how individuals cansafeguard themselves. Here are a few examples:HM Governmenthttps://www.cyberaware.gov.uk/BSI für e/home node.htmlSISAhttps://www.swiss-isa.ch/en/Peoplecan respond tocyber threatsby implementingpersonal cyberhygieneStop. Think. Connect.https://www.stopthinkconnect.org/But even the most vigilant and online-savvy people will never be entirely risk-free.This is where personal cyber insurance can help mitigate the risk and transfer thepotential for loss from that residual risk. Although not yet widely available, personalcyber insurance is expected to become a fast-growing market segment in the nearfuture due to the rapidly increasing exposures consumers face today.The benefits of such an insurance product to individuals and families can range fromsupport in improving people’s cyber security posture to financial compensationand expert help in the aftermath of a cyber incident. But for insurance companiesmaking the most of the growth opportunity requires developing products that meetthe needs of a new generation of digital, connected consumers.4Swiss Re Personal cyber insurance

Personal cyber insuranceWhere is the consumer cyber insurance need?Assessing the market opportunity for personal cyber insurance calls for an analysisof many factors. The key one is identifying the customer need.To that end, Swiss Re conducted a global survey. Here is a summary of the results:Most feared cyber risk scenarios and coverage needsThe top four cyber risk scenarios that people worry about most are:1 i llicit access of financial credentials (a hacker gets access to your online bankingdetails and might therefore be able to steal money)2 i dentity theft (an attacker steals your digital identity to purchase goods or servicesonline in your name)3 d ata loss due to a technical issue (your personal data gets deleted by a virusor software glitch)4 i llicit publication of personal data (somebody else publishes your privatepictures online)These are the four main areas where customers are receptive to the idea of a cyberinsurance policy that will cover them against some of the consequences of thesefears coming true.Most feared scenarios in %81Illicit access offinancial credentials756959Identity theftData loss dueto technical issueIllicit publicationof personal dataSwiss Re Personal cyber insurance 5

Personal cyber insuranceProduct characteristicsWhen we asked people how they would be most likely to buy a cyber insurancepolicy, there was a rough 60:40 split.A clear majority of respondents (63%) said they would prefer to buy personal cyberinsurance in combination with other products. Natural partners for this kind ofbundle would include their home insurance or – if they have one – their privateliability policy. Just over a third (37%) would also be interested in looking atstandalone personal cyber insurance products.Preferred structure of cyber insurance in %37Standalonecyber insurance63Add-on to other insuranceWhen Swiss Re asked consumers if they would want to choose specific coverageelements for their own insurance policy, a similar split became evident. Thosefavouring the all-in-one cyber insurance product approach made up 62% ofrespondents, with 38% expressing an interest in being able to tailor a product tosuit their circumstances.Preferred type of cyber insurance in %38Ability to modularlychoose cyberinsurance coverage62All-in-one cyber insuranceRespondents to Swiss Re’s survey also expressed a desire for additional featureswithin cyber insurance products, including 24/7 access to technical assistance,a hotline for legal advice or identity theft monitoring.6Swiss Re Personal cyber insurance

Consumer interest in additional services in %Would you be interested in having additionalservices offered by a cyber insurance provideraside from financial reimbursement?6124/7technical assistanceCyber security alerts48Identity theftmonitoring4824/7 legal assistance4846General cyber securitytraining45Assessment of owncyber security posture34Training how to protectown devices28Training how to protectown online accountsNone of the mentioned9Less than 10%of consumersare not interestedin assistance andrisk managementservicesSwiss Re Personal cyber insurance 7

Personal cyber insuranceWillingness to buyOverall, when asked if survey respondents would buy personal cyber insurance,56% of people said they would. As awareness of cybersecurity risk increases,a corresponding increase in interest in cyber insurance could easily be seen inthe near future.More thanhalf of the surveyrespondents saidthey would buypersonalcyber insuranceWhen respondents’ answers were split along gender lines, a clear difference beganto emerge. Almost two-thirds of women said they would buy cyber insurance,whereas just over half of men said they would. There were no age-related attitudinaldifferences revealed.Asked why they thought it was unlikely they would buy such a product, respondents’answers centred around two main observations. The first was that the perceivedrisk of being a victim of a cyberattack is small. The second is that they were notaware of any such products on the market. While the second of those objectionswill ultimately be overcome by growing availability and better visibility of cyberinsurance products for individuals, the former demonstrates the need for furthermarket education.One well-orchestrated attack on a large business or service provider has thepotential to implicate huge numbers of people, significantly amplifying anindividual’s risk of being harmed by an attack they are not even the specific target of.For example:2016Yahoo10: A series of data breaches dating back to 2013 and 2014 affected thecompany’s entire user base – some three billion accounts.2017Aadhaar11: The world’s largest biometric database containing the personalinformation of more than 1 billion people was hacked into. Many of the records werethen sold online.2018Marriott International12: Since 2014, the guest reservation database of its StarwoodHotel subsidiary had been accessed by an unauthorised party. Around 500 millioncustomers were affected.In an increasingly connected world, is it reasonable to assume you are isolatedfrom risk simply because you are too small to be directly targeted? The answer isclear, but it is yet to be widely recognised by the public at large.10 BBC: Yahoo 2013 data breach hit ‘all three billion 9349411 Hindu Business: 1bn records compromised in Aadhaar breach since uary-gemalto/article25224758.ece12 New York Times: Marriott Hacking Exposes Data of Up to 500 Million marriott-data-breach.html8Swiss Re Personal cyber insurance

Swiss Re Personal cyber insurance 9

Personal cyber insuranceDistribution channelsPerhaps unsurprisingly, the most likely way in which surveyed consumers said theywould buy cyber insurance is online. This is a target demographic that uses digitaltechnology, after all. Consequently, 77% of respondents told Swiss Re their preferredchannel would be direct online purchase, while 38% said they would prefer to selectpersonal cyber insurance as an optional add-on when registering their new onlineaccounts such as e-banking, mail service or social media.Only one-in-five would prefer a face-to-face consultation with their insurance agent.The traditional insurance company was named as the most preferred provider (72%)for personal cyber insurance, while roughly one third indicated they would be equallyinterested in buying their insurance policy via other providers such as hardwaredevice sellers, online platforms or telecom companies.Preferred way of buying personal cyber insurance in %OnlineAdd-on whenregistering newonline accountTraditional marketing(phone, e-mail)Face-to-face consultationwith insurance agent77382820Preferred providers of personal cyber insurance in %10Traditionalinsurance companyHardwaredevice sellerOnlineplatformsTelecomcompanies72333232Swiss Re Personal cyber insurance

Available personal cyber insurance productsin the marketWhile personal cyber insurance is slowly becoming increasingly common, it is still avery long way from being a mass market product, especially when compared withmore standard offerings like motor, household or even health insurance.Accessto assistance andservices arekey value drivers ofcyber insurancefor individualsFor the most part, existing personal cyber insurance policies tend to offer first-partycovers, to mitigate against financial loss in the event of a cybersecurity problem. Fewproducts provide cyber third-party coverage to protect individuals against liabilityclaims, which they might be exposed to because of their actions or inactions in thedigital world. This might include inadvertently forwarding a contaminated email andinfecting somebody else’s computer with malware.Anyone caught up in a cyberattack that has involved some sort of financial losswill want their cover to reimburse them. That level of cover is probably going tobe regarded as the bare minimum. However, many people will not be able to dealwith the complexity of the fallout from a cyberattack alone but need hands-onassistance. Conceivably, that could include the provision of technical help, accessto legal support, and possibly psychological counselling too. The addition of featuressuch as this will not only enhance the levels of cover, but will really help illustrate thevalue such personal cyber insurance policies represent.Potential additional services to enrich the risk transfer element A ccess to 24/7 expert hotline who helpspolicyholders recover quickly from a cyber incident S upport from IT specialists to clean devices andrestore compromised data Legal advice and consultation Psychological counselling to help with cyberbullying O nline training where policyholders can learn abouthow to improve their own cyber security postureSwiss Re Personal cyber insurance 11

Personal cyber insuranceNon-exhaustive list detailing the main and most common features and benefitsof personal cyber insuranceCyber coverCoverage descriptionExample scenariosFinancial fraud̤̤ Reimbursement of financial loss due tounauthorised use of your online paymentservices.̤̤ Cover for costs related to blocking and reissuingyour payment cards.̤̤ You become the victim of an email phishingattack where you voluntarily disclose youre-banking login credentials. This data is used totransfer and steal funds from your online bankaccount.Online shopping̤̤ Reimbursement of the purchase price of goodsyou bought online but which are not delivered,are damaged during delivery or wronglydelivered.̤̤ You place an order on a fake webshop with anidentical look and feel to a known retailer. Theorder you place will never be fulfilled as theentire enterprise is a sham designed to part youfrom your money.Identity theft̤̤ Reimbursement of the cost of rectifying recordswith banks/authorities and of unpaid leave whenyou take time off from work to meet with banks/authorities.̤̤ Costs for a consultant to restore credit recordsand personal identity.̤̤ Your credit card details are stolen and sold onthe dark web, following a retailer data breach.This data is then use

cyber insurance is expected to become a fast-growing market segment in the near future due to the rapidly increasing exposures consumers face today. The benefits of such an insurance product to individuals and families can range from support in improving people’s cyber security posture to financial compensation and expert help in the aftermath of a cyber incident. But for insurance companies .

Related Documents:

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY WHIT A Sponsored by While estimates vary widely, the cyber insurance market globally represents over 1 billion of written premiums. CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe collaborated with Advisen to conduct a comprehensive market survey on trends that are shaping the cyber insurance marketplace. The survey is .

Cyber Vigilance Cyber Security Cyber Strategy Foreword Next Three fundamental drivers that drive growth and create cyber risks: Managing cyber risk to grow and protect business value The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization's specific business, threats, and capabilities.

Cyber insurance market growth: 10 The need for a more sustainable solution Cyber sustainability: 12 Genuine protection at the right price Conclusion: 17 Sharpening differentiation and return Contacts 18. 4 PwC Insurance 2020 & beyond: Reaping the dividends of cyber resilience Cyber insurance is a potentially huge, but still largely untapped, opportunity for insurers and reinsurers. We estimate .

With our reliance on ICT and the value of this data come risks to its security, integrity and failure. This cyber risk can either have a natural cause or be man-made, where the latter can emerge from human failure, cyber criminality (e.g. extortion, fraud), cyberwar, and . Ten Key Questions on Cyber Risk and Cyber Risk Insurance 9 Table 1 .

risks for cyber incidents and cyber attacks.” Substantial: “a level which aims to minimise known cyber risks, cyber incidents and cyber attacks carried out by actors with limited skills and resources.” High: “level which aims to minimise the risk of state-of-the-art cyber attacks carried out by actors with significant skills and .

Cyber Security Training For School Staff. Agenda School cyber resilience in numbers Who is behind school cyber attacks? Cyber threats from outside the school Cyber threats from inside the school 4 key ways to defend yourself. of schools experienced some form of cyber

the 1st Edition of Botswana Cyber Security Report. This report contains content from a variety of sources and covers highly critical topics in cyber intelligence, cyber security trends, industry risk ranking and Cyber security skills gap. Over the last 6 years, we have consistently strived to demystify the state of Cyber security in Africa.

American National Standards Institute (ANSI) A300 (Part 6) – 2012 Transplanting for Tree Care Operations – Tree, Shrub, and other Woody Plant Maintenance Standard Practices (Transplanting) Drip line The hole should be 1.5-2 times the width of the root ball. EX: a 32” root ball should have a minimum wide 48” hole