Within a cyber insurance industry niche chock full of inherent underwriting challenges is a fast-developing, controversial use of the virtual world.
Cryptographic digital currency—most commonly referred to as Bitcoin since it is the world’s largest form of this currency—is gaining legitimacy. Late last year former Federal Reserve chairman Ben Bernanke told the Senate digital currencies “may hold long-term promise.”
Bitcoin’s designers are known only by a pseudonym. The currency—used to make payments directly from one “wallet” to another over the Internet with little or very small transaction fees—is mathematically generated through a process known as “mining.”
Bitcoin has no central bank and no government authority. Its value can swing wildly based on its use now and its predicted future use; there is no subjective value (Bitcoin recently traded above $1,000 from $10 early last year) and it can be traded in infinite divisibility.
Open a newspaper or turn on the financial news and you’ll soon find a story on the intriguing, some say misunderstood, Bitcoin.
Inevitably, “cryptocurrency” and its potential risks have pinged on the insurance industry radar.
“It is our job to stay ahead and identify exposures,” David Derigiotis, head of the Burns & Wilcox Professional Liability Center of Excellence and a cyber expert, told Advisen. “Bitcoin is a really interesting, new phenomenon with what looks to be some serious cyber concerns.”
“We’ve spent a lot of time researching this to figure out how it can potentially affect lines of coverage or create gaps in coverage–and whether new solutions are needed,” said Toby Merrill, vice president of ACE Professional Risk. “I’d have to say right now it’s too early to say we understand the risk.”
Already, hackers have stolen different digital currencies on a number of occasions.
A 2012 report on Bitcoin from the FBI concluded “criminals intending to steal Bitcoins can target and exploit third-party Bitcoin services and an individual’s Bitcoin wallet.”
Bitcoin transactions are public—recorded on a public ledger—but users are only identified by Bitcoin addresses, or pseudonyms. This has left the currency open to criticism that it could be used for illegal activity such as money laundering, drugs and funding terrorism.
The FBI said the currency “will likely continue to attract cyber criminals who view it as a means to move or steal funds as well as a means of making donations to illicit groups.”
But an investor in Bitcoin startups, Marc Andreessen, wrote that Bitcoin is “considerably easier for law enforcement to trace than cash, gold or diamonds.”
Supporters and critics of Bitcoin can continue to debate, but in the meantime the confusion surrounding digital currency is giving the insurance industry headaches.
“It’s very difficult to gauge the risk and exposures,” said Derigiotis. “If Bitcoins are stolen, they are gone, like cash, and there is no way to recoup the loss.”
He said he thought some underwriting could be done for organizations storing coins.
Elliptic Vault, a London storage facility of private encrypted keys to Bitcoins, recently said it is the first storage service insured against loss and theft. Co-founder Tom Robinson told the BBC an insurer was not easy to find since the industry was prejudiced by negative publicity, but eventually Lloyd’s of London wrote the risk.
Reportedly, payouts will be based upon using a Bitcoin to US dollar exchange rate.
Robinson did not respond to requests for comment.
Oliver Brew, a technology and privacy insurance specialist with Liberty International Underwriters, told Advisen he can see a scenario of some insurable and some uninsurable risks associated with Bitcoin.
One thing is for sure, clients are asking about the risks.
“They want to know how, if at all, to address accepting Bitcoin [as a form of payment],” said Brew. “We try to outline the potential exposures.”
Derigiotis and Brew said the nature of digital currency leads them to think Bitcoin risks may be addressed in crime coverage rather than cyber coverage—or a mixture of the two—since there is no data stolen during a breach.
Brew said it is conceivable some coverage is available under cyber policies, such as cyber extortion or expenses related to a hacking incident.
“The industry is still getting its arms around the exposure and the limits it could offer,” said Derigiotis.
Merrill said the currency may need to be regulated before it enjoys mainstream use or serious consideration from the insurance industry, which prefers processes and standards. And if Bitcoin does begin to enjoy success? “Systems with the largest market share tend to draw the largest attacks,” he said.
“It will be interesting to see if [digital currency] does gain critical mass because with that comes the attention of the dark side—the hackers,” said Robert Parisi, Marsh’s technology, network risk, and telecommunications specialist. “It will at some point have a target on its back.”
Parisi said he has not fielded calls related to the use of Bitcoins or whether digital currency acceptance would create problems for carriers.
Product innovation is driven by customer demand and “so far the focus on this seems to be as an interesting topic but not yet as a mainstream vehicle for transactions,” said Brew.
Parisi called Bitcoin “clever,” but added that “it remains to be seen whether it has legs.”
Brew added: “Can I see a time in the near future when it is? That isn’t hard to imagine and any commodity that increases value by 20-fold is going to keep continued interest.”