Personal cyber insurance constitutes a substantial step up from identity theft coverage in that it addresses a range of first- and third-party exposures. What else is different in the personal cyber arena?

HOME, SWEET CYBER HOME

Personal cyber insurance is becoming a component of household coverage

By Joseph S. Harrington, CPCU

Cyber insurance has had an interesting evolution, and that evolution continues—right into our homes.

It seems like only yesterday that cyber insurance was a rarefied coverage sold to IT professionals who often were reluctant to buy it, because insurance for data breaches and security flaws could be viewed as implicitly critical of their own work.

Fast forward and today we find cyber insurance to be a common component of commercial package policies for enterprises of all types and sizes.

Hard on its heels is the latest insurance for our networked world: personal cyber insurance. Introduced by Hartford Steam Boiler in 2016, personal lines coverage for cyber exposures has become a standard offering of insurers who insure high-net-worth households. Several standard homeowners insurers have followed suit and now offer personal cyber coverage by endorsement or through stand-alone policies.

While personal cyber coverage is evolving a common set of coverages, they are far from standardized, and may never become so … .

Personal cyber insurance expands upon and supplants the “identity theft” or “identity fraud” coverage offered by endorsement over the past 25 or so years.

Those endorsements generally provide coverage for costs insureds incur to correct accounts, re-establish credit, and otherwise put their affairs in order after having their identity used for unauthorized purposes. Identity theft endorsements may also provide compensation for funds lost due to an identity fraud, up to a separate limit for the coverage.

All day, every day

Personal cyber insurance constitutes a substantial step up from identity theft coverage in that it addresses a range of first- and third-party exposures. Part of the reason for the expansion of personal lines coverage for cyber exposures is within the residence itself.

“Smart homes,” common among high-net-worth households and growing more popular in other income cohorts, have electronic sensors installed to detect fire, water, and security hazards; these sensors are constantly connected online to an outside service through Wi-Fi or a household network, with the data available on home computers, as well.

That boost to home safety carries with it the added risk of having a household connected to the internet 24 hours a day. For the most part, the sensors never shut down and disconnect.

If a home owner has an older operating system or does not use the most up-to-date computer security, this around-the-clock vulnerability gives attackers added opportunity to access a home network for account data or other personal information, to compromise the system, or to plant viruses and malware that could affect others.

To address growing exposures, personal cyber policies generally provide coverage under separate per-event and aggregate limits for most or all of these types of losses:

• Forensic costs of detecting and rectifying the cause of a breach;
• Legal costs for notifying third parties that their private information was accessed by unauthorized persons, or that they may have been exposed to viruses or malware;
• Reimbursement of funds or assets lost to fraud, sometimes even if they were surrendered voluntarily in a “phishing” or “social engineering” scam;
• Costs of dealing with a “ransomware” incident, in which an attacker threatens to expose private information or paralyzes a computer network unless and until a ransom is paid; and
• Costs to recover from incidents of “cyberbullying,” including costs for counseling, legal action, relocation, or specialized tutoring (for students harassed out of school).

While personal cyber coverage is evolving a common set of coverages, they are far from standardized, and may never become so, given how rapidly cyber risks and capabilities (the value at risk) evolve and change.

For example, under those policies that cover ransomware losses, some cover only the cost of utilizing expert negotiators, while others cover payments made to extortionists, as well, up to a limit.

Personal lines agents and brokers will have to become familiar with the way cyber policies feature different insuring agreements under different limits, as this can have a surprising effect on a final loss settlement. There’s not much choice but to get on the personal cyber coverage bandwagon. It’s becoming a standard personal lines coverage, and will likely be one of the most complicated.

The author

Joseph S. Harrington, CPCU, is an independent business writer specializing in property and casualty insurance coverages and operations. For 21 years, Joe was the communications director for the American Association of Insurance Services (AAIS), a P-C advisory organization. Prior to that, Joe worked in journalism and as a reporter and editor in financial services.