7 minute read
Q&A
Cyber insurance gets personal
Cyber insurance to protect against cyber bullying and other personal risks has launched in New Zealand. Laura Murray, head of personal cyber at Delta Insurance, talks to Covernote about why individuals also need cyber protection.
Q. Why is personal cyber protection insurance necessary?
Laura Murray: Because, unfortunately, cyber-crime is on the increase globally, and the COVID pandemic has only served to worsen that. As more people work from home on insecure networks and devices, and spend more time online, clicking on links for health information and government updates and the like, this provides enormous opportunity for cyber-criminals to launch spoof websites, run phishing scams and hack your network. Data can exist on the Dark Web for years, where hackers and cyber-criminals can then transact Personally Identifiable Information on a case-by-case basis; for example, a scanned copy of a driver’s licence which was originally held on your network can be sold for a premium.
The rise in smart technology - the Internet of Things (IoT) - such as smart home appliances and systems and wearable tech also means there is access to a vast
array of personal data including passwords, log-ins and even health information and if a hacker gets in, they can lock you out of your own accounts, extort you or family members, and even access your employer’s network.
The risks through the IoT should concern everyone, given the security vulnerabilities, the vast array of information captured by IoT tech, and the way these new products are often rushed to market. The number of IoT devices is expected to reach 41 billion by 2027, and these emerging tools and technologies enable significant efficiency improvements for homes and businesses – but are we prepared for the security threats that come with them? Q. What is the typical customer profile for this kind of product?
LM: There isn’t a “typical” customer as such, because everyone is at risk in the age of the web, smart devices, online banking, and numerous apps and emails which can easily be compromised by cyber-criminals.
Delta have been focussed on business customers so far, because there is such a concerning increase in corporate cyber-attacks, and we want them to have this coverage in place so employees get preventative training and cybereducation, as well as insurance protection if they fall victim to a cybercrime. We provide a free IT consult on the security of each employee’s home network, so they can fix any vulnerabilities in their devices and home set-up before potentially being attacked and used as a point of entry into the corporate network.
We can also now provide this coverage to personal customers, and feedback from our broker partners is that families are very worried about cyber-attacks, especially with children home-schooling on devices and so much working from home going on nowadays. This product
is an excellent way to provide protection for the issues consumers are concerned about now – which is less about having their TV or other home contents stolen and more about the consequences of their personal data, photos, logins, banking credentials or identity being stolen. Q. Are more individuals being targeted by identity theft and ransomware in NZ?
LM: Yes. And sometimes these ransomware attacks are conducted for the purpose of accessing other information, for example, gaining access to the individual’s work network, particularly if they are in a senior management position or have accounting duties. But cyber-criminals will use just about anyone (with a more insecure network) as a way to gain access into a larger organisation’s network. Cert NZ provides some great, simple information on what to do to prevent identity theft, and what to do if it occurs. https://www.cert.govt.nz/individuals/common-threats/ online-identity-theft/
Delta Personal Cyber customers can also access Cyber Scout, our specialised claims triage partner, and the New Zealand-based techies at “Geeks on Wheels” to assist with these issues. Q. Who is targeting Kiwis in this way?
LM: It is very difficult to ascertain exactly who the cybercriminals are because they hide behind false names and IP addresses and are incredibly tech-savvy and professional at what they do. They are also extremely quick to pivot when one hack is patched away, and they don’t care as much about your one personal device, but more about the broader opportunities to attack you and your employer.
The hacker communities are generally located offshore, however, and do not discriminate in who they will target – they are opportunists and will run phishing campaigns, social engineering scams and other large-scale, automated campaigns, until they succeed in getting someone to fall victim. These organisations are slick and run as efficiently as large corporate businesses, and in general are using cryptocurrencies to demand payment in order to release your data.
Over the Christmas period many people received texts about unpaid taxes for imported goods, which was actually cyber-criminals capitalising on the Christmas gift-buying to use them as an attack vector, using stolen phone records to just spam-text multiple individuals to carry out phishing attacks. This has nothing to do with your security protocols or which device you have; it is just another massive wave of social engineering. Q. What will your online shopping fraud product cover, and why did you launch it?
LM: I have had a lot of questions from brokers and others about whether the Personal Cyber policy would respond if you were tricked into buying something online, which turned out to be a phoney website and you lost your money. The answer was no – the policy would not respond as this is more of a social engineering cover, and our wording was (previously) more traditional cyber cover; for example, we were picking up costs that were a direct consequence of a network being hacked, rather than online scams such as this.
But the good news is that, with our new capacity partner, we are now able to offer this coverage, so if you have been induced to use a fraudulent website and the goods are never sent or don’t exist, and you cannot get them to refund you for the goods, then you can now lodge a claim for this. We don’t, however, pay for online shopping fraud losses if the loss is reimbursable by a bank or credit card company. Q. Why did Delta create a cyber-bullying policy, and what kind of events will it cover?
LM: It is something I heard of and was aware was available in some international cyber wordings so when we researched new coverage and new underwriting capacity last year, I really wanted to include it in Delta’s policy, so Kiwis could get the same calibre of cover overseas markets offered, and to help future-proof the product.
There is not a huge amount of data on the costs of cyber-bullying in NZ, but we know the true costs are emotional and psychological more than financial, and this kind of human-centric, non-traditional insurance indemnity is really interesting to me, and I believe will provide even more tangible value to our customers.
Our policy defines a Cyber Bullying Event as three or more related acts by the same person (or group of people) and coverage of $25,000 is available. If you, or someone else insured under your policy are intimidated, harassed or humiliated and this results in mental injury which leads to your inability to attend school or work fulltime for more than a week then you can access support from our claims triage partner Cyber Scout and lodge a claim.
Our policy covers cyber-bullying expenses you may incur such as: the costs of up to 15 hours of psychiatric services to address the diagnosed depression, mental anguish or shock caused; professional digital forensic analysis to aid in the prosecution of a cyber-bullying event you have suffered from; professional cyber-security consultant services; and professional public relations consultant services. Q. What are the repercussions of cyber-bullying and why does it require insurance coverage?
LM: Unfortunately, the repercussions can be severe and take a huge toll on individuals and families. The most significant resultant damage is not material damage or financial loss (as is traditionally the trigger for reimbursement in an insurance contract) but the trauma, stress, emotional cost and time lost while the person suffers and tries to cope with the situation. For this reason insurance can never fully repair the damage that cyber-bullying causes people, but we can provide expert assistance in the form of cyber support, mental health support, public image help and most importantly, we can take care of all these bills so that you can access the very best people, when you need them the most.