With Singapore on the road to being a Smart Nation and a global financial hub, the costs of cyber attacks are substantial. The government has made amendments to the Computer Misuse and Cybersecurity Act to further deter and punish cyberattacks and related activities.
A 2,600-strong Defence Cyber Organisation (DCO) has also been organised to safeguard military networks and resources under the Singapore Armed Forces and tackle unconventional cybersecurity challenges such as fake news and other forms of attacks. Such efforts shows the resolve of Singapore to deal with these threats and project confidence to citizens and investors that critical data and infrastructure is protected.
On a personal level, of all the major cyber threats faced by Singaporeans, the possibility of online scams and hacks occurring ranks highest. It is said that Singapore is 9 times more vulnerable to cyber attacks relative to larger countries like China and India.
To address the risk of losses that individuals and corporations have from cyber threats, insurance companies have created products to offer protection in the form of cybersecurity insurance.
What Is Cyber Insurance?
Cyber insurance is purchased mainly to provide coverage for individuals against losses resulting from data breaches or loss of electronically stored information. It can also extend to corporations that are also at risk of losing confidential client data through the hacking of their internal database systems.
Various forms of cyber insurance have existed for the past decade. However, market awareness towards cyber insurance has heightened recently due to high profile cyber attacks that have hit major countries and prominent individuals.
Who Is Cyber Insurance For?
Cyber insurance is offered to both individuals and companies. Companies like AIG and AXA offer such insurance policies in Singapore. Currrently, cyber insurance is mainly purchased by large corporations. Cyber insurance for individuals is still considered relatively new, with the first such insurance policy developed by AXA in 2014.
What Is Covered?
With respect to the individual, cyber insurance does not only cover the stealing of confidential data but also extends to disputes during online shopping. For instance, AXA’s individual cyber insurance covers the following.
These features appear promising, though insurers should regularly review them since the online threat landscape changes faster than in other insurance areas.
There is always the possibility of different interpretations with regards to certain terms in the policy. A simple example could be the term ‘risk’. Risk could mean the prevention of data breaches to policyholders but it may mean reducing an individual’s risk of financial loss from a cyber attack. This can apply to terms like E-reputation, among other terms in the policy. This misalignment in understanding of certain terms could mean the difference between getting your claim approved or not.
Another potential problem would be the cost of these premiums with relation to the risk of the policyholder. As with most insurance policies, the cost of the insurance premium would rise with the risk of the policyholder being exposed to cyber attacks. How would the level of risk of the individual be determined? Would it be through the net worth of the individual or the type of information posted on social media by the individual? Therefore, the amount of premium could vary in the future.
The Assessment Gap
The various scenarios that could result from a cyber insurance attack may not be easily assessable due to the grey areas involved. This coupled with the assessment frameworks used by the insurance providers, that are more inclined to quantitative models to make such assessments, may make it even more ambiguous to come to a definitive outcome.
Should You Get It?
Since the policies for cyber insurance for individuals are still developing and evolving, you should consider these factors before purchasing it like an ordinary health insurance policy.
How Much Do You Stand To Lose?
The point of having insurance is to protect the loss of your assets which the policyholder feels is valued higher than the cost he is willing to pay. When it comes to cyber insurance, it is worth thinking twice whether the information in your personal electronic devices are worth forking out the annual premium. It would make more sense for high net worth individuals and politicians to purchase such an insurance policy where the premiums are close to negligible to them. This is especially so when they stand to lose much more than the average policyholder.
Are You Already Adequately Protected?
Since most Singaporeans do store away their savings in a bank, one way of measuring this is to find out if your local banks are sufficiently secured against cyber-attacks. The recent ‘WannaCry’ cyber security attack has highlighted the inadequate cyber security protection of businesses and other governments have. With Singapore being a target for a cyber-attack, one would expect local banks such as DBS and OCBC to step up their cyber security that is set out in the Monetary Authority of Singapore (MAS)’s Technology Risk Management Guidelines. If there is strong confidence in the financial institutions to resist these attacks, perhaps you are better off not purchasing an cyber insurance policy.