Many people are more worried about cybercrime than violent crimes. In response to this, the insurance sector can offer a range of products to suit the digital age. The company Vertafore says cyber insurance should be mandatory for every citizen, not just those running a business.
To understand more about this new form of insurance, Digital Journal spoke with Sharmila Ray, Senior Vice President, Product and Strategy at Vertafore.
DJ: How can people best protect themselves from cybercrime?
Sharmila Ray: Use multi-factor authentication (MFA) when it is available on websites and mobile applications. Usernames and passwords can be compromised, but MFA is an additional safeguard. Also, have strong passwords that meet modern security data. Use complex passwords with at least eight characters that include upper case letters, numbers, and special characters. Also, consider using a password manager that can store and generate passwords.
Install mobile security applications on your mobile phones and tablets to defend against malware and unsafe wi-fi hotspots and use the native encryption (Advance Encryption Standard 256, AES256) on mobile devices to help protect your information if the device is lost or stolen.
Other advice is to use personal cloud storage services to back up sensitive data as a way to counteract a potential ransomware attack; patch your operating systems regularly with the latest updates to help defend against exploitable vulnerabilities; check the source e-mail address of any questionable emails, particularly those demanding immediate action. When in doubt—delete. And check your credit report regularly to detect fraud as soon as it happens.
DJ: Why should people take out cybercrime insurance?
Ray: Given the amount of personal data stored on smartphones these days, and the average person’s tendency to lose their phone, the risk that someone will gain access to that personal data is higher than ever. The cost to undo damage to your credit report or your identity is also significant. Also, many banks do not take responsibility for funds wrongfully debited from your account. Cyber insurance can protect you against those losses.
DJ: What types of things would this form if insurance apply to?
Ray: Cyber insurance policy coverages vary widely, but most often cover ransom and extortion payments associated with ransomware attacks, identity theft fees and data restoration expenses in the event of a personal or commercial cybersecurity breach.
DJ: Should the insurance be compulsory?
Ray: Today, we believe practices around maintaining security around personal data vary widely, but only those individuals that stand to lose a significant amount in the event of a breach or do not take proper security precautions, strongly consider cyber insurance. That said, as time goes on, more and more of our data will be stored in the cloud and on personal devices that are prone to being hacked and hackers will gain in sophistication. Can and should it at some point become compulsory as part of a personal property policy? Absolutely.
DJ: Under this insurance model would policy holders be penalized if they don’t follow good practices, such as having weak passwords?
Ray: I don’t believe that penalties are accepted practice in the insurance industry. But, policyholders that do not follow good practices may be penalized in the underwriting process by paying higher premiums based on a review of their current practices.
DJ: What would the typical cost of an insurance plan be?
Ray: This would vary highly by individual, but typically a few hundred to a few thousand dollars a year.