In 2020 the cyber insurance market will boom as a defence against digital assassins, predicts Billy Beckett
It’s possible to find the most intimate, personal information about someone, especially if they don't take active steps to protect their data. We routinely, casually, give away information that we also use for security: phone numbers, names of pets, dates of birth, the street we first lived on.
Not only are we complacent, but many of us haven’t taken any action to protect ourselves. Almost half of British people have never changed their email password.
This complacency leaves us exposed. Criminals can use our personal information to steal our money. But they can also do something that is potentially worse: they can use it to digitally assassinate us. They can take over and lock us out of our email, social media and even financial accounts, hijacking and killing our digital lives.
In 2020, as more people become aware of digital assassination, through high-profile scandals and their own experience of coming under attack, the personal cyber insurance market will start to rapidly grow. It will develop from a product bought by a few high-profile and wealthy individuals, to something that will become increasingly affordable for normal people.
Cybercrime affects everyone; from national governments, to businesses, to individuals. And the tools that criminal hackers, trolls and cyber soldiers use are increasingly sophisticated, widely available, and relatively easy to use.
As a result, we are seeing more and more cases of digital assassination, taking increasingly diverse forms. Digital assassins have varied motivations. For some, they just need the money, quickly. Hacking a victim gives them leverage to demand cash, or access to a valuable social media handle. Some digital assassins are salaried professionals, employed by state security agencies to hack into human rights groups and expose their highly sensitive private data.
Although the scale may change, the methods remain similar: finding and exploiting gaps in security to break into individuals’ accounts, steal their data and hijack their identity, in an attempt to destroy them online.
In May 2019, the Guardian’s Dylan Curran reported on a particularly brutal digital assassination of a young woman whose social media accounts were hacked. Her nude selfies were sent to her contacts, and she was permanently locked out of her accounts, including her email. The assassination was total - without her email, she couldn’t recover any other social media account.
As more people feel the effects of digital assassination, they will start to look for protection. In January 2019, the insurance firm Swiss Re published research showing half of the people surveyed would consider buying personal cyber insurance. They estimate that the global market for this product could be $3.1 billion by the year 2025.
These predictions have been wrong in the past. In 2000, a conservative forecast predicted a global market for cyber insurance worth $2.5 billion in 2005, yet by 2008 the market was only worth $0.5 billion.
However, 10 years on, the online world is a very different place. We have a much better understanding of the nature and scale of threats posed by cybercrime. Policymakers have been responding to these threats through, for example, the establishment of the National Cyber Security Centre in 2016.
Insurance companies are slowly starting to bring out products in response. In 2015, Privilege Underwriters Reciprocal Exchange, an insurer of high-net-worth individuals and families, announced a similar product. This year, State Farm launched Identity Theft Insurance and last June The Hartford Steam Boiler Inspection and Insurance Co. introduced HSB Home Cyber Protection, a product previously available only to businesses.
While the cyber insurance market is currently only a marginal industry patronised by a few paranoid millionaires, in 2020 it will grow to become a standard part of any home insurance package.
But what will this insurance protect you from, and what will it do for you if you face digital attacks? At one end of the scale it might be £25 a year to protect you, should your personal laptop be infected with malware and you need to pay a company to remove the virus.
At the other end of the scale might be someone high-profile who needs coverage, which might include eligibility criteria and background checks on the consumer. After a digital MOT, privacy experts from the insurance company might send a list of changes you’d have to make to your lifestyle, like frequently changing your phone number and passwords.
For advanced security, customers will be expected to sacrifice a degree of convenience in return for protection. You may have to use a physical authentication USB key to log into accounts, or be asked to encrypt your entire hard drive, or even use a faraday cage to prevent your devices from being hacked wirelessly.
However, the spread of digital protection could have the reverse effect, actually leading to a world where people are even less careful online. We could become over-reliant on our cyber insurance packages, which in turn could become increasingly invasive in order to protect us. Ultimately, in 2020 we could be handing over more and more data, and power, to a private insurance company.
Billy Beckett is Nesta's Stakeholder Relations Officer.