NEW YORK (Reuters) - Insurance is supposed to make you feel safe, but even those who sell special cyber-security protection packages worry about hacking threats.
What makes Jerry Hourihan lose sleep is that everyone’s information already is likely compromised. Hourihan is head of the U.S. private client group for insurer AIG Inc, which last year launched a Family CyberEdge policy, offering coverage for advanced cyber threats.
When AIG was developing the project, Hourihan said a senior executive volunteered to see what security consultants could dig up about him on the dark web. Within minutes, they purchased his Social Security number for a few dollars.
“Everyone’s information is out there, and the task is to minimize your risk,” said Hourihan.
It requires a lot more than just a monthly $9.99 identity theft monitoring service or fraud alerts on your credit card to deal with ransomware, cyberbullying, network infiltration and a whole host of other scary threats.
If you do not have a corporate-level IT department to call in a pinch, you can now buy that kind of protection. Prices vary based on the coverage, but they are intended for high net-worth families, so expect sticker shock. Along with AIG’s CyberEdge, Chubb Ltd just launched a cyber protection extension to its Masterpiece homeowner policy.
These policies cover for losses up to $250,0000, if, for instance, you need to replace the entire smart lighting system in your house because it has been hacked. The policies also offer ongoing white-glove consulting services to shore up cyber-defenses and also clean up after any incidents.
If these policies work for upper-income families, lower-priced coverage will follow, says independent security expert Robert Siciliano.
“They’re testing the waters, and they’ll see if it’ll be worth it to them to provide it to the masses,” said Siciliano, chief executive of IDTheftSecurity.com.
So far, most of AIG’s CyberEdge clients are asking questions about best safety practices.
“The goal is to provide a lot of consultation up front, and then avoid most of the issues,” said Hourihan.
Chubb’s Masterpiece is front-loading its policies with a lot of prevention, including a special wi-fi router from cyber-security firm Symantec Corp’s Norton, said Mike Tanenbaum, executive vice-president of Chubb’s North American cyber practice.
Without getting an expensive insurance policy, there are steps you can take to limit risk.
Change the locks, so to speak, said Mary Qualls of Florida-based Vault Insurance, catering to high net-worth homeowners. That can involve restarting your router to break any ongoing connection a hacker has into your network and also changing all your passwords.
Siciliano does not understand why everyone does not use a password management program.
“That is pure laziness,” Siciliano said.
With no universal reporting, it is hard to get a good grasp on cyber security problems and figure out a way to solve them. Eva Velasquez, president of the Identity Theft Resource Center (idtheftcenter.org), said that if more people reported hacking incidents it would help.
Recent data from the Federal Trade Commission found that millennials are reporting fraud a lot more often than other groups, with an average loss around $200, Velasquez said. Seniors reported less, but their average loss is $1,200.
“As you have more resources, your trigger of ‘is that painful enough to report?’ changes. The thieves know that,” said Velasquez.
The result: Hackers keep thefts low enough to fly under the radar and continue to operate with impunity.
Velasquez, whose organization offers free services for victims of identify theft, said that insurance could be worth it for individuals if they do a cost-benefit analysis.
“Do your homework, make sure it is legit, and know what’s covered,” Velasquez said. “If it brings you peace of mind, that can be of value. At the same time, just because you have insurance, you can’t abdicate responsibility.”
Editing by Lauren Young and Susan Thomas