In Hong Kong, search for ‘cyber theft’ insurance stumps aspiring cryptocurrency exchanges
- For cryptocurrency exchanges and custodians, complying with Hong Kong’s new rule on insurance is a costly challenge
- Few speciality insurers willing to underwrite against theft and hacking due to high risks
Hong Kong cryptocurrency exchanges and custodians are seeking out insurance to cover the risks of hacking and theft, in an effort to comply with future regulation by the city’s securities watchdog to provide full protection for client assets.
However, finding an insurer that will underwrite the needed policies and provide the high level of proposed coverage set out by the Securities and Futures Commission (SFC) has proven to be a challenge for the emerging industry, according to industry players.
The high cost, as well as limits on the coverage provided, not to mention the reluctance of some insurance companies to underwrite against risks that are difficult to measure and anticipate, were among the hurdles in complying with the SFC’s proposed rules, industry players said.
Most cybersecurity insurance coverage is written by the speciality insurance market in London, although a number of companies in Asia are beginning to enter the niche market.
“The number of insurers and reinsurers that are willing to underwrite cryptocurrency cybersecurity risk is extremely narrow. The amount of available coverage capacity today is under US$1 billion per transaction,” said Murray Wood, Asia head of financial specialities at Aon.
He said the premium charged on cryptocurrency exchanges and custodians for insuring cryptocurrency assets is “significantly higher” than those charged on insuring cybersecurity risks that affect traditional banks and financial institutions.
In May, Aon helped broker policy coverage for blockchain trading technology company BC Group to insure its custody services against third-party hacks, making it one of the first companies in Asia to work with a group of international specialist insurers on this type of risk.
Globally, at least US$1.15 billion worth of cryptocurrency assets were lost through theft or hacking at exchanges since the start of 2018, according to calculations by the Post on reported events.
The securities watchdog said at the time it was setting out a “conceptual framework” to license and regulate virtual assets, adding that platform operators will need to be insured against theft and hacking risks related to the custody of virtual assets.
Cold storage refers a device for holding cryptocurrencies offline. Hot storage refers to an environment which has online access and is more vulnerable to hacking.
Some industry players said the SFC should lower the insurance coverage requirements in light of the high premium costs when it finalises its licensing regime.
In light of the short trading history of cryptocurrencies, insurers are scrutinising how well exchanges meet compliance protocols. These include practises such as know-your-client, anti-money-laundering and internal security protocols to guard against unauthorised activities, said Wood.
Ari Chester, a partner at Mckinsey’s global insurance practice, said most cyber insurance covers data breach, liability, business interruption, extortion, regulatory costs, and digital asset replacement.
“But in the case of cryptocurrency, the digital asset is not just data, but has direct monetary value. Hence it would be a highly niche, non-standard coverage. For this type of risk, the payout ceiling for the client would get priced on a case-by-case basis,” he said.
Chester said the typical coverage limit would range from US$5 million to US$25 million, although some insurance brokers can arrange bundled protection of up to US$700 million or more for large companies.
Most insurers will only underwrite risks from fraudulent activities, and third-party hacks.
The risks of company insiders disappearing with their clients’ assets, either by ill intent, or accident are not covered.
Quadriga filed for creditor protection in January saying it was not able to send funds to 115,000 customers that used its platform.