The Week In Review : 12th May

It was bound to happen that the insurance market would move on from providing cyber liability insurance to businesses onto providing it to individuals.

Fortune magazine posted a story highlighting the recent personal cyber security insurance plans being offered by American International Group (AIG). They suggest that many individuals have been taking out identity theft protection for a few years, and believe that personal cyber security insurance is soon to follow.

It’s not going to be plain sailing for AIG, or other insurance providers who follow them, however, because, as Fortune states, “That consumers may be putting themselves at more risk than insurers can accurately anticipate. This is due to what is known as the ‘privacy paradox.’ Consumers place a high priority on the protection of their privacy, but their actual behaviour on information-sharing platforms like Facebook and Instagram runs counter to this.”

For what it’s worth, I read this as saying that consumers still need to be educated on the appropriate use of technology in a way that minimises their risk. But how could this new behaviour be proven to an insurance company so that an appropriate policy and rates could be provided? Alongside this is, of course, the fact that, unlike some other insurance products such as car insurance, there is not a legal requirement to have such cover. I’d predict that those customers who actively seek this insurance are those who, by their very nature, are a low risk.

However, we are still at the very beginning of these new insurance products and it will be very interesting to see how they pan out in the coming years.

One event that may prompt individuals to investigate all elements of cyber security insurance is that the cyber crime world continues to become more and more ‘professional’.

A story on SC Magazine’s website caught my eye, as they reported on how the criminals behind recent ransomware attacks change the amount of money they charge, so that victims in areas with a higher cost of living will be charged more to have their data decrypted.

Alongside this, these criminals are also offering ‘customer’ support and guidance to their victims on how to pay and then retrieve their data.

This is not a new phenomenon and has appeared before on the pages of Cyber Insights; however, basing a ransom amount on a victim’s perceived ability to pay, I assume, allows the criminals to actually make more money. Offering support as well ensures that ransomware is seen as a genuine threat as opposed to a scam.

There is no doubt about it: in certain corners of the globe, cyber crime based around ransomware is becoming a genuine, if highly illegal, profession!

I was slightly surprised by a new story that appeared on Naked Security, the award-winning security news blog from Sophos, regarding the exploitation of a technical flaw in the Signalling System No. 7 (SS7) telephony signalling protocol.

This protocol is, according to Naked Security, used to establish interoperability across some 800+ service providers worldwide, and has been widely known for many years as being deeply vulnerable to interception by hackers, criminals, and corrupt insiders. That flaw has now been exploited in Germany.

The criminals sent conventional phishing emails to victims, suckering them into visiting fake bank websites, where they were told to enter account numbers, passwords and the mobile phone numbers they had previously given their banks. This then gave the criminals access to victims’ accounts, which they could raid as they saw fit.

What surprises me about this isn’t the fact that a flaw was exploited, but that a known flaw had not been rectified. The news story goes on to illustrate how often SS7 had been identified as vulnerable, from as far back as 2008, with no solution being presented.

And who are the real victims of this attack? Not the telecommunications service providers, but the consumers; individuals like you and me. So, with that in mind maybe now is the right time to take out that personal cyber security insurance!


For links to all these stories and more, or to contribute with some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.
