[dropcap size=small]A[/dropcap]merican Insurance Group, aka AIG, has announced that it is now offering a new type of insurance policy, one that will compensate companies and individuals, that have suffered losses due to cyber attacks that damage property and harm people. Tracey Alloway, writing from New York Financial Times, reports that this new insurance policy is the first of its kind from a major international insurer and offers a level of cover beyond that previously available. In the past policies were available but they only covered corporate losses arising from data breaches. At the present time more and more devices are connected directly to the internet and this exposes many companies and individuals to significant risk. This new policy will be available as an optional add-on to existing, cyber risk, insurance policies.
AIG’s cyber insurance section’s head of professional liability, Tracie Grella, , said AIG had identified a niche in a developing market and developed the new insurance policy as a response to increasing demands from American Cyber security platforms as well as meeting the ever increasing needs of its portfolio of corporate clients.
“They’re seeing that all the products they’re developing are connecting to the internet and it does allow for attacks that could cause bodily injury or damage the products,” said Ms Grella. She went on to declare that AIG has already paid out insurance compensation to victims of the Heartbleed bug.
Prior to AIG entering the market, there were few companies willing to assume risk in this area as there was a severe dearth in the availability of data that could be analysed by actuaries in order to estimate risk. AIG relied on data from similar areas of risk to calculate the rates required.
The US government is rumored to be particularly concerned by the possibility of critical infrastructure controllers being targeted. Criminals could decide to hack into power generation and transmission systems, into banks and security services. An example was even given of a virus being placed, as a trojan or possibly a worm, within a machine as vital as an internet-enabled pacemaker. This would potentially give a whole new meaning to Heartbleed. Criminals could hold their victims to ransom or even carry out contract killings. Ms. Grella went on to say: “There are viruses out there that can attack industrial control systems and cause damage. We’ve seen that trains can be redirected,” She went on to say: “There’s an endless amount of ways that these types of incidents could occur.”
So far, AIG doesn’t seem to have any Bitcoin related clients to truly test the bounds of their cyber insurance. It will be interesting to see if AIG will assume the insurance risk of underwriting cryptocoin exchanges. If they are prepared to, and it must be just a matter of time, then collapses of exchanges with the subsequent declaration of coin losses will finally become a thing of the past. We can place deposits with the confident knowledge that one of the World’s largest insurers is underwriting the insurance risk. Perhaps the collapse of Mt gox has served some purpose. If AIG was paying out that bill, we would all know exactly what was missing as well as where it went, real businesses are good like that.
Last modified (UTC): April 24, 2014 15:27