AIG recently began selling cyber security insurance plans on an individual level aimed at the upper class. The article analyzes the various factors that may affect the success of this endeavor. For example, the risk pool may have an adverse selection problem, the actual risk might be too difficult to calculate, and there might not be enough demand. However, the author also postulates that AIG can be profitable from this due to its ability to collect massive amounts of data and absorb high loss rates while it figures everything out.
I think its an interesting idea, but I don’t know how realistic individual cyber security insurance is. I understand that having bank account numbers lost is something to protect against, but at the same time, credit cards that get stolen generally totally absolve their customers of any fraudulent charges. I think that moving in this customer service direction is more realistically the way of the future which would invalidate the need for that kind of insurance. Another thought I had is that it would be difficult for one person to incur significant losses to validate the need for insurance. I could be wrong and this form of insurance could be super lucrative, who knows.
Anthony, very interesting article. I just had a conversation with a colleague a few weeks ago. We were discussing ransom ware. A client of his was hit with Cryptolocker and lost some very important files. They were faced with a decision on paying the ransom or losing the files. They decided that it was easier to re-create the files they lost, they had the ability to do that. It was a money decision. X amount to recreate, Y amount to pay the ransom.
So, we had talked about business continuity and insurance. They had insurance to cover them in the event of things like fire, building damage, etc. We started to talk about coverage for cyber attacks too. Didn’t think it would take long before companies would start offering this type of thing!