AIG recently began selling cyber security insurance plans on an individual level aimed at the upper class. The article analyzes the various factors that may affect the success of this endeavor. For example, the risk pool may have an adverse selection problem, the actual risk might be too difficult to calculate, and there might not be enough demand. However, the author also postulates that AIG can be profitable from this due to its ability to collect massive amounts of data and absorb high loss rates while it figures everything out.
I think its an interesting idea, but I don’t know how realistic individual cyber security insurance is. I understand that having bank account numbers lost is something to protect against, but at the same time, credit cards that get stolen generally totally absolve their customers of any fraudulent charges. I think that moving in this customer service direction is more realistically the way of the future which would invalidate the need for that kind of insurance. Another thought I had is that it would be difficult for one person to incur significant losses to validate the need for insurance. I could be wrong and this form of insurance could be super lucrative, who knows.