While cryptocurrencies and digital tokens — also known as “digital assets” — have disrupted traditional notions of commerce, capital and investing, there is another asset which any company engaged in this space will need: insurance. Given the rapidly-evolving nature of this new technology and the uncertainties surrounding applicable laws and regulations, it can be challenging to figure out the types of insurance products that should be considered. Any company engaged in this space should ask itself the following questions to help determine which lines of insurance it should consider.
Does it need Cyber Insurance?
- Does the company provide a technology service that might be subject to errors and omissions? For example, a cryptocurrency exchange provides a service to its customers that could be subject to mistake that causes a loss.
- Is there a risk of a privacy breach or breach of privacy regulations?
- Is there a risk of a security breach with respect to third parties which results in the following:
• Corruption, destruction or deletion of a third-party’s electronic data?
• Disclosure of third party’s private information?
• Theft of third party’s data?
- Failure to prevent the transmission of malicious code into third party’s network?
- Is there a risk of a threat of cyber extortion, such as:
• A threat to introduce or activate malicious code into a computer system?
• A threat that someone will interrupt a computer system?
• A threat that someone will damage or destroy a computer system?
• A threat that someone will disseminate or improperly utilize a computer system or disrupt a network?
- Is there a risk that some “network” disruption will cause a loss of business income?
Does it need Commercial Crime Insurance?
- Is there a risk of employee theft?
- Is there a risk of vendor theft?
- Is there a possibility of loss of money or securities through a fraudulent electronic transfer?
- Is there a risk of “identity fraud” – using a company’s or a person’s identity to commit a crime?
Does it need Director’s & Officer’s Liability Insurance?
- Is there a risk that a shareholder or investor will allege that an officer or director was guilty of omissions, misstatements, misleading statements, neglect or breach of duty that that resulted in a decrease in the value of stock or other assets such as, possibly, a token?
- Is there a risk that shareholders or investors will bring a claim against the company alleging actual or alleged omissions, misstatements, misleading statements, neglect or breach of duty that violated securities laws and thereby caused a decrease in value of stock or other assets such as, possibly, a token?
- Is there a risk that a shareholder or investor will demand that the company investigate itself for some corporate wrongdoing for the purposes of determining whether the company should prosecute a derivative action?
- Is there a risk that governmental enforcement authority (e.g., SEC, FinCEN) will demand an interview of an officer or director for the purposes of investigating a possible regulatory or other legal violation?
Does it need Kidnap & Ransom Insurance for some employees?
- If company employees, particularly directors and officers, travel with “cold storage” wallets (i.e. a wallet that is not on-line but, rather, is on a thumb-drive, etc.), there could be a risk of kidnap or extortion in some regions.
The above, of course, is just a generic overview and is certainly not meant to present an exhaustive list of all of the types of insurance that any company might need. Those determinations can only be made after a very specific assessment of the role that a company is playing in the crypto-currency space and the risks that it faces. Further, there are nuances to all of these lines of coverages and they vary among different insurers. In addition, all companies engaged in the crypto-currency space should expect to undergo fairly rigorous scrutiny by insurance underwriters who will seek to determine, for example, whether the company is at least attempting to be compliant with potentially-applicable regulations and has appropriate safe-guards in place, such as a data security incident response plan.
Robert Jacobs is a member of the firm’s Insurance Regulatory practice group and has presented on Insurance Risks for Blockchain at Enterprise Risk Conferences and to several of the firm’s clients. The firm’s Insurance Regulatory practice group specifically represents policy holders and is uniquely positioned to be a great value add to our clients.