Technology is evolving quickly, influencing the way we live, and cybercrime is no exception. It is evident that while the cybercrime economy is advancing and maturing, the defense mechanisms of the cybersecurity industry seem to be falling behind, especially when it comes to protecting private individuals.
Cybercrime risks to high-net-worth (HNW) families are approaching an acute phase where the frequency and severity of cyber-related losses will both increase. We expect this transformation of cyber risk to happen based on three primary drivers:
- The improved defenses of large organizations. Large-scale breaches of corporate servers will still occur; however, the industry committed to combating organizational hacking is advanced, is learning quickly and is making it more difficult and expensive for the cybercriminals to win. Criminals will shift to easier prey, most notably the weaknesses of individuals.
- The economies of scale from experience and learning. It used to cost $85,000 (in today’s dollars) for every 1 MB of data in 1956. Now it costs just $.00002. Cybercriminals get to use this same benefit in multiple ways and have learned to crowdsource and share technologies and tactics to create an efficient attack strategy.
- The computerization of everything. As more and more consumer devices become smart and connected, the potential for interception, disruption and destruction follows. By 2035, there may be as many 1 trillion connected consumer products in use.
These developments and drivers will undoubtedly affect not just cyber risk, but the landscape and experience for all of us. We expect to see at least three negative consequences emerge:
- The commoditization of vulnerabilities. No longer will the spoils of cybercrime be the data, money or personal information stolen, but the vulnerabilities themselves that can lead to an attack will be tradable and subject to markets and arbitrage.
- The awareness and exploitation of cybersecurity immaturity among individuals and families. When what we haven’t been able to keep up on becomes more easily and profitably exploitable, it will be. We believe there is unlimited potential to increase awareness and adoption of cybersecurity. The problem that arises is the gap between what the bad guys already have and what the good guys need to do.
- Expansion of the loss consequences. It used to be that credit card numbers and personal information were the most severe losses stemming from a cyberattack. Now cybercrimes resulting in bodily harm, tangible-asset destruction, emotional distress, stalking and bullying are all becoming real.
While the personal insurance industry is emerging into its first-generation response to cybercrime, we've seen the release of newly created insurance coverages to help families address some of cybercrime’s losses. The insurance industry's response will evolve not only because of the continued evolution of cybercrime and cyber risk but also our industry's first experiences when providing solutions for it.
For more information, contact Erika Close.
