Tag Archives: Cybersecurity

A brief history of ransom insurance

Did you know that ransom insurance is one of the oldest insurance coverages out there?

People needed insurance because of pirates

Beginning in the early 16th and continuing into the 19th century, state-supported pirates and privateers operating out of North African coastal cities (the “Barbary States”) preyed upon European and colonial commercial shipping.

One lucrative practice was to capture a ship and sell everyone on board into slavery. We don’t know exactly how many people were captured over the centuries, but they probably numbered in the hundreds of thousands. You may have even heard of one particularly famous captive: Miguel de Cervantes, author of Don Quixote.

(Fun fact: some of the first military conflicts for a young United States were the “Barbary Wars” from 1801 – 1805 and again in 1815 – 1816, which were attempts to stop pirate depredations on American shipping. One researcher estimated that the annual costs of Barbary piracy to the U.S., including insurance costs, were equivalent to $10 billion to $20 billion in terms of today’s economy.)

How did ransom insurance work?

Slaves could generally regain their freedom in two ways (if you don’t count mounting a daring escape). One was to convert to Islam – the Barbary States were Muslim and most of their captives were Christian.

A second way was to pay a ransom.

In the early days, churches and families would set up collections to help pay for the release of enslaved captives. That’s how Cervantes was freed in 1580. But starting in the 17th century, cities and states also began to set up ransom insurance pools.

One of the first pools, called the “Sklavenkasse” (literally: “slave insurance”), was established in the German port city Hamburg in the 1620s. That’s over 60 years before Lloyd’s coffeehouse was first mentioned as a proto-insurance shop.

Other places soon followed suit with insurance pools of their own. Individual sailors, churches, and shipping organizations would typically contribute to these pools, which paid out when a participant was captured by Barbary pirates and held for ransom. There were even established rates for how much a ransom should cost: a steersman could fetch 700 Reichstaler (the currency used in Germany at the time), while a common sailor cost a mere 60 Reichstaler.

(For the German speakers out there, you can read more about how the pools worked here.)

Ransom insurance today

Although Barbary piracy faded away in the 19th century, ransom insurance is still available today, usually for important individuals who travel to dangerous regions. Called “kidnap and ransom insurance”, it generally reimburses for ransom payments and other damages, including some medical payments.

And because criminals are creative, we also now have “ransomware” insurance, which covers costs from a ransomware attack. That’s when a hacker freezes a computer system – and will only unfreeze it in exchange for a ransom payment, usually in bitcoin. How the times have changed.

Small businesses need cyber insurance – just like everyone else.

Used to be, hackers would spend most of their time hitting big companies with deep pockets and troves of customer data.  

But the times have changed. Launching a hack is as cheap and as easy as never before. Because of this, lots of hackers are playing small-ball by going after small businesses.  

Their calculations make sense. A ransomware payout might only be a few hundred dollars, but if hackers can hit hundreds of businesses simultaneously, their ill-gotten loot adds up pretty quickly.  

Small businesses know they’re at risk. According to a recent Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight Survey, 70 percent of surveyed businesses said that the risk of being victimized by a cyberattack is growing at an alarming rate.  

But only a minority have cyber insurance. Only 31 percent said they have cyber insurance – and 70 percent said they don’t have plans to purchase a policy. (Commercial cyber insurance varies across policies but will usually cover expenses incurred from a data breach, like lost revenue, legal costs, and crisis-management.) 

Meanwhile, we found that 10 percent of respondents said they have experienced at least one cyber incident in the prior year. To give you some perspective, that’s about the same rate as drivers get into auto accidents.  

Imagine getting into an accident and not having auto insurance. It’s an expensive proposition. The same goes for cyberattacks – we found that the average small business cyber losses for the past year were $188,400. That’s a lot of money for a small company to absorb.   

As hackers continue to get nimbler, the need for small businesses to have cyber insurance will grow. It’s incumbent on insurers to educate their business clients about the value of cyber coverage.  

And the value is there to see: 97 percent of our survey respondents who had cyber insurance and were hacked said that their coverage was good enough to make them whole again.  

Survey: People are aware of cyberrisks, but many aren’t doing anything about them

even your coffee maker can get hacked these days.

A lawyer once warned me during a seminar that I should never, ever send an email – ever. “Get on a phone instead,” he counseled. (I assume he hadn’t watched The Wire.) 

Impossible to follow as his advice was, it stuck with me because he was right, in a way. If there’s anything we should’ve learned after all the data breaches these past few years, it’s that nothing about our online lives is safe from prying eyes. Not Social Security numbersNot medical records. And definitely not our social media activity 

People know the risks. The good news is that many American consumers are aware that their connected lives are incredibly vulnerable. According to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM, almost seven out of 10 connected technology owners (69 percent) are not comfortable sharing personal information on social media such as Facebook and Instagram. 

But behavior is slow to change. The bad news is that only about a third changed the way they used social media or connected technology after learning about recent data abuses and breaches. 

And it’s even more alarming that fully 85 percent of surveyed connected technology owners either don’t have cyberrisk insurance or don’t know if they do.  

Education and insurance are important. Just like in real life (wear a helmet, everybody!), leading a safe online life starts with education about the risks involved. That education includes learning how insurance can help. Insurers are in a unique position to spearhead these education efforts – people will often turn to their insurance company after they’ve suffered losses from a data breach.  

But consumers first need to learn about the cyber insurance options out there that can help immensely after a hack. For that to happen, insurers need to demonstrate to consumers the relatively inexpensive and valuable coverage that is available to protect them.  

The alternative is for all of us to go back to sending letters by snail mail – or, if a certain lawyer is to be believed, never writing anything down at all.  

People Get Hacked. Insurance Can Help.

get protected.

It’s October – and that means it’s National Cybersecurity Awareness Month.

The National Cyber Security Alliance has dedicated the first week to making homes safe from hacking. And for good reason. Families are increasingly living connected lives: on social media, in video games, and through “smart” home technology like connected thermostats or burglar alarms.

So-called “smart tech” (otherwise known as the Internet of Things) is only getting more popular: three out of five Americans have connected technology in their homes, according to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM.

Smart tech is convenient and efficient. Why not buy a thermostat that can automatically adjust the temperature to save you money?

Your smart tech can be hacked. But convenience can be costly. Hackers are getting more sophisticated. Your smart security system might discourage burglars – but not hackers. Hackers can use your smart thermostat to attack major websites, which is what happened in several major hacks.

Nearly a third of the smart tech owners surveyed said they have been identity theft victims.

People aren’t covered for cyberrisk. More than four out of five American consumers who own connected devices either lack insurance to protect them from cyberthreats or do not know if they are covered – and over 75 percent said they don’t plan to pay more for cyberrisks coverages.

That’s not great. Cyberrisk coverages are usually fairly inexpensive, sometimes as low as $30 per year. For that low price consumers can often get help for a range of cyber threats, including identity theft, cyberbullying, and ransomware (depending on the individual policy).

Education about cyberrisks is crucial. It’s a simple problem: People often don’t have cyberrisks coverage because they don’t know much about cyberrisks. Which also explains why many cyber-attacks are essentially “user error” – for example, a hacker sends a disguised email and a user clicks on a link, downloading malicious code onto their computer. Or someone buys a smart tech device and doesn’t change the factory password.

Getting educated about the risks of hacking is the first step to protecting your data. The next step is to use security tools. One such tool is insurance.

Insurance helps. Insurers need to make that clear. Whether as an add-on coverage to a homeowners policy or as a stand-alone policy, cyberrisks insurance can help protect you if you’re hacked. But the I.I.I/J.D. Power survey found that many people don’t know about this kind of insurance.

Insurers need to help educate their customers about the cyberrisks they face. Then they can help their customers understand why insurance can be a low-cost tool to protect their identities and assets.

Where To Go For Small Business Cybersecurity Advice

Small businesses are increasingly vulnerable to cyberattacks. A new website launched by the Federal Trade Commission (FTC) is aimed at helping small business owners be better prepared.

The site – ftc.gov/SmallBusiness – is a one-stop shop where small business owners can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.

Online FTC resources include a new Small Business Computer Security Basics guide with information to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach.

Specific information on ransomware and phishing schemes targeting small businesses is also provided.

According to the U.S. Small Business Administration, there are more than 28 million small businesses nationwide, employing nearly 57 million people.

Cyberattacks can be particularly damaging to small businesses, and many lack the resources that larger companies have to devote to cybersecurity.

For example, the percentage of spear-phishing attacks targeting small business rose from 18 percent to 43 percent between 2011 and 2015.

Insurance is one of the ways in which small businesses can protect themselves. See I.I.I. resources on cyber liability risks.