Today’s criminals don’t want just your jewelry or car anymore — they want your digital property.
According to the FBI, there were nearly 8 million property crimes in 2015, with victims of these crimes suffering losses of over $14 billion. Property losses were dwarfed, however, by nearly $30 billion in estimated losses that cybercrime inflicted on U.S. consumers in the past year, according to Symantec.
Digital risks are outpacing traditional risks, creating new opportunities for the home insurance marketplace.
The current generation of cyberattacks have begun to target the digital devices and systems that connect us all on a daily basis, exposing novel areas of risk. Online cyber thieves encounter a wealth of avenues to steal components of an individual’s identity, starting with something as simple as a social media account that lists an individual’s birth date, which can be matched with other stolen personal data to hijack an identity. Most people’s mobile devices contain personal data that are a gold mine for hackers, including passwords to banks and healthcare portals and copies of tax statements with social security numbers.
On a daily basis, major retailers, banks and online providers report stolen data, with each hack exposing more consumers. Juniper Research predicts that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, almost four times the estimated cost of global breaches in 2015. At this point, the digital identities of millions of consumers have already been exposed and offered for sale on the dark side of the Internet.
Today, however, digital risk is much broader than identity theft. A new generation of risks has emerged as people spend more of their lives on online. Fake news, Internet trolls and cyber bullying have notoriously victimized innocent people and businesses online, causing reputational harm that can have devastating consequences. Most victims lack the skills or technology to address reputational harm in the free-for-all of the internet.
Once reserved for business owners and prominent public figures, ransomware is trickling into the consumer space, and malware has begun to infiltrate any vulnerable system that cannot defend itself. Criminals can purchase hacking kits online for just a few dollars and they are turning their sights on security gaps in homes as well as businesses.
At the same time, people routinely expose themselves to cybercrime by sharing a wide range of personal details on social networks. Birth dates and locations, addresses, schools, family members’ names and other affiliations can all be used to authenticate an identity, and cybercriminals are all too ready to use these kinds of details to their advantage.
For many victims, the impacts can be life-changing. Identity theft creates immediate financial hardship for victims, but it can go well beyond, potentially impacting a victim’s employment and housing options, even their educational opportunities. The damage can extend for years as victims’ personal data is bought and sold on illicit websites to any number of criminals. It’s difficult to make someone whole again after such an intrusion, and monetary compensation only addresses a portion of the person’s loss.
Coverage gaps in homeowners’ insurance
For more than 10 years, homeowners’ insurance carriers have offered a variety of coverage options to victims of identity theft, which range from expense reimbursement to expert assistance that helps victims recover their identities, to tools that monitor and detect fraud. Millions of Americans are already covered, or have access to services, for free or at a significant discount, through their insurance company. But current coverage options don’t address the latest cybercrime techniques, leaving consumers on their own without expertise or recourse.
Related: 7 homeowners trends for 2017
Most policies that cover identity theft are aligned with the Fair Credit Reporting Act (FCRA) regulations, which shield consumers from fraudulent charges when their data is stolen. However, a growing number of cyber exposures don’t fall into this category. Social media credentials stored in a stolen smartphone are not covered by FCRA or similar protections, for instance.
Hackers may also attempt to use a pilfered device to execute social engineering scams, which can include posing as a victim to solicit money from relatives or trying to initiate an electronic funds transfer, a transaction that isn’t covered by federal reimbursement laws.
Commercial insurers have already recognized the opportunity to address a business’s full-scale digital risk with fast growing cyber insurance offerings. Now these approaches have been adapted for the home insurance market, enabling carriers to offer family cyber coverage.
Rethinking personal lines policy coverage for the digital age
Policies that provide family cyber coverage can help pay for the extortion associated with ransomware and similar attacks.
Coverage to address system compromise is also gaining traction. It helps victims whose technology platforms have been attacked, either by a targeted hack or by malware, and who may need assistance restoring everything to working order. The forensics consulting that identifies the source of these exposures and outlines solutions to close existing leaks may also be included in cyber policies. These coverage options may also provide reimbursement for technical assistance. With these updates, conventional personal lines coverage can provide adequate protection for valuable digital assets.
Most people don’t know how to respond to cyber bullies, social media hijackers or Internet trolls. Reputational coverage can act like a personal advocate online, clearing away erroneous or negative statements and restoring the victim’s control.
In 2017, the insurance market will see family cyber coverage being introduced for the first time that addresses issues such as cyber bullying and protection against online reputational damage. Carriers will be able to respond to these more complex risks, offering coverage, expert support and tools that make a real impact on victims’ lives.
In the cold world of cybercrime, technical savvy and the human touch are essential components of the next generation of personal lines coverage for these kinds of digital exposures.
Related: Keep employee data safe
Matt Cullina has 15 years of insurance industry management, claims and product development experience. He is the CEO of Scottsdale, Ariz.-based CyberScout (formerly IDT911), a consultative provider of identity and data risk management, resolution and education services. Connect with him via LinkedIn.