Almost every month, a major cryptocurrency theft makes headlines. In January 2018, for instance, hackers stole $534 million worth of digital coins from the crypto exchange Coincheck. Nevertheless, the crypto market grows and develops unabated. These conditions make the space a natural environment for insurance companies to offer their services. Several large insurance companies have recognized the opportunity, but on the road to offering cryptocurrency insurance, they have faced roadblocks.
In this guide, we will:
- Give a brief background about the cryptocurrency insurance industry as well as the challenges that it has faced.
- Describe the general types of protection that are offered.
- Note what to look out for when evaluating a policy.
- Analyze how custodians are a natural ally for the insurance industry in the crypto space.
Background: A Hesitant Start, But a “Big Opportunity”
In 2015, only six years after the launch of the world’s first cryptocurrency, J. Kirtland of Voya Financial remarked, “Bitcoin is the cutting edge of where monetary systems may be going”. Since around that time, the insurance industry has cautiously been approaching the cryptocurrency space, which Christian Weishuber of Allianz called “a big opportunity” in 2018. The trepidation felt by the insurance industry was not unreasonable, as digital currencies like Bitcoin, Ethereum, Ripple, and others have presented new and ever-evolving challenges for insurance giants.
One of the initial hurdles was a lack of technical knowledge and experience with blockchain technology. The technology was developing rapidly from year to year, and the traditional insurance companies were at a loss about how to structure coverage plans for these virtual assets. Lack of historical data (the bedrock of risk analysis) combined with inconsistent regulatory practices created an environment of big unknowns for insurers.
The volatility of the crypto markets in recent years has not helped matters. Price fluctuations make it difficult to assess the value of assets for which insurance coverage may have started when they were worth only a fraction of their present value. For instance, a policy that began in late 2014 may have covered 1 BTC valued at $400 then, but what would the insurer be on the hook for if that same 1 BTC was stolen in early 2018, when it was worth $15,000?
Also, insurers have found that it is unclear what constitutes negligence in handling digital assets on the part of the consumer. If an investor falls victim to a phishing scam over email (a form of identity theft) and loses their cryptocurrency, does the insurance company have to pay the investor? These concerns and others have made insurance firms serving the cryptocurrency industry cautious to the point of asking their client companies not to claim that their assets are insured (lest they mislead consumers about the extent of the coverage).
Nevertheless, insurance behemoths like AIG and Allianz have already entered the crypto space, while Lloyd’s of London was the first to do so. One of the potential benefits for insurance companies of becoming crypto savvy is that the underlying technology of blockchain itself can make the entire insurance industry better. Distributed applications (dApps) and smart contracts, for instance, can make many other forms of insurance transactions more secure and efficient.
Cryptocurrency Insurance Policies
Structuring an insurance plan requires assessing risks, and in 2015, Lloyd’s of London published a “Risk factors for insurance” report about Bitcoin. In this report, they outline six major threats posed to their customers’ cryptocurrency assets that insurance plans should address:
- Flawed key generation — a mistake that allows hackers to decrypt private keys
- Transaction malleability — tricking consumers into sending a payment multiple times
- Fifty-one percent attack — a mass computing attack to overpower an entire blockchain
- Sybil attacks — surrounding one network node with malicious ones to manipulate it
- DDoS attacks — shutting down a network by bombarding it with fake requests
- Consensus of fork risk — splitting of one currency into two that may cause confusion
These threats and other risk factors all need to be accounted for by underwriters when making a policy. Jacqueline Quintal of Aon told Forbes that such factors include “management team experience and expertise, security and storage protocols, financial crime concerns (e.g. Anti-Money Laundering and Know Your Client), relationships with legal counsel, accountants and banking partners as well as regulatory strategy.”
To cope with these risks, insurance companies have identified best practices to be used by their client companies, which can also help to ensure security of customers’ digital assets. These practices, according to Lloyd’s, include:
- Server-side security — utilizing industry techniques or outsourcing to the cloud
- Cold storage — storing private keys that access crypto assets offline (preventing hacks)
- Multi-sig and control persons — distributing transaction authority to multiple individuals
- Hybrid wallets — not storing private keys on an institutional level
Some insurance companies even refuse to insure clients that do not meet these security requirements (for instance, if the client does not record private keys in cold storage). These and other special conditions make the cryptocurrency insurance market unique. There are even policies that cover ransom payments to hackers that lock targets out of their data.
Since methods of breaching security keep evolving, insurance coverage for cryptocurrency companies can cost up to five times as much as in other industries. (This may also be the case because one company, Aon, currently claims to own 50% of the B2B crypto insurance market.) Amazingly, though, as of July 2018, no insurance company has had to pay out a major claim to a cryptocurrency company.
More companies are entering the crypto insurance space every month. In July 2018, IBM announced that it will be helping launch a new stablecoin (i.e. a cryptocurrency pegged to another asset, such as USD) with funds insured by the FDIC. This is a positive development for the crypto market. As Lucas Nuzzi, director of technology research at Digital Asset Research, said that month, “[insurance] definitely helps to legitimize the industry”.
Custodian Management of Crypto
Pitfalls remain for investors when considering insurance for their crypto assets, especially in the fine print. “[The number of exclusions] can make the whole policy close to useless”, notes Hillik Nissani, COO of Cryptalgo. Exchanges such as Coinbase have been criticized for claiming to insure their customers’ crypto assets while specifying in the fine print that only their online (“hot” wallet) storage is insured, which makes up only 3% of their customers’ assets (the “cold” wallet offline storage is more secure, uninsured by Coinbase, and comprises the other 97%).
One way for any person or entity to potentially protect against insurance policy exclusions related to cryptocurrency ownership is to invest through a custodian, a financial institution that specializes in securely storing assets. Custodians themselves have been slow to adapt to the special technical requirements of cryptocurrency, but that is beginning to change. In June 2018, Kyle Samani of Multicoin Capital said, “Over the next year, the market will come to recognize that custodianship is a solved problem. This will unlock a big wave of capital.” More specifically, it’s estimated to soon become a $20 billion segment within the crypto industry once institutional money pours into it. Custodian services themselves are seen by some experts as “Wall Street’s chance of being crypto-relevant”, stabilizing and securing a nascent market.
What is often overlooked in recent media coverage, though, is that insured custodian services were already being offered before the summer of 2018. BitIRA, for instance, has partnered with custodians Equity Trust Company and Preferred Trust Company to offer cryptocurrency investment services for IRA retirement accounts, where digital assets are insured and housed in more secure cold storage.
More recently, BitGo, a crypto security company, was granted approval by state regulators to offer custodian services for cryptocurrency. Now, bigger institutional players like Goldman Sachs are even planning to enter the crypto custody space.
Some limitations do exist when it comes to storing cryptocurrency with a custodian. Often it may take 24 hours or more to take assets out of cold storage. No matter what type of insurance investors are considering, it’s always wise to look past general statements and review the details carefully. As Matt Johnson, an executive at Digital Asset Custody Company (DACC), put it to CoinDesk, “You can create an insurance policy that protects no one — you know there are so many caveats to the policy that it’s not super protective.”
It seems to be a matter of time before the insurance industry is fully on board with serving the crypto market, but not quite yet. The reason highlights an interesting contradiction inherent in cryptocurrency adoption as a whole. The cryptocurrency market would be larger if insurers and custodians embraced it (allowing institutional investors to flood in), but the insurers and custodians are not embracing it quite yet because the crypto market is not “large enough for premiums to cover possible losses.”