Cyber insurance and NFTs
With the frequent occurrence of cyber attacks, it has become increasingly crucial to have insurance coverage against these attacks, and many insurance companies have started offering cyber security insurance services.
Like cryptocurrencies, NFTs are digital assets with a fixed value, based on blockchain technology and stored in the blockchain. The blockchain is a database that contains records that, once added, are almost impossible to change and is a digital ledger where all information can be recorded and accessible to anyone.
With the purchase of NFTs for millions of dollars, the popularity of NFTs and the increasing number of counterfeit NFTs, cyber security breaches and the need to secure NFTs have become hot topics in this sector.
As a result of the purchase of millions of dollars of NFTs and the increase in popularity of NFTs and the number of counterfeit NFTs; cyber security breaches and the need to insure NFTs have become hot topics in this sector.
Cyber insurance is a type of insurance that protects against various potential threats in the digital world, such as data breaches and harmful cyber attacks on computer systems. In this sense, NFT insurance can be categorized as cyber insurance. Under Turkish law, the legal status of NFTs has not yet been determined, and it is debatable whether they can be insured as chattels. Nevertheless, even if there is no legal impediment to insuring NFTs, it is obvious that public intervention is needed to determine the legal status of NFTs and how they will be protected within the framework of cyber insurance.
It is mentioned that one in three people in Turkey has been the victim of cyber-attacks and the proportion of those affected by malware has increased to 38.5% in the last 9 months. In Turkey, which is reported to be one of the countries with the highest increase in cyber attacks, the insurance industry is offering new products regarding cyber attacks under the names identity protection insurance, digital protection insurance or personal and commercial cyber security insurance to cover losses arising from attacks targeting digital platforms.
Although the need for insurance coverage has increased with the increasing number of cyber-attacks, due to both the diversity of cyber-attacks and the uncertainty of the risks that will arise as a result of the cyber-attack, developments in this sector have continued. slow and insurances covering the risks associated with cyber attacks have not been preferred to be the subject of reinsurance transactions. So that, as is practiced globally, Türk Reasürans A.Ş. and Milli Reasürans A.Ş. excluded cyber threats from insurance coverage for almost all industries due to the introduction of telecommuting into our lives and the onset of online social life, especially during the pandemic period which greatly increased cyber risk.
After the creation of the first example in 2014, cyber attacks against NFTs have also been seen to increase with the intention of profiting from NFTs, created by Mike Winkelmann in 2021 and sold for $69.3 million, through fraud and money laundering of money. In fact, in February 2022, one of the most recent attacks on OpenSea, an NFT trading platform, resulted in the theft of $1.7 million, and in the period July 2021 – July 2022, NFTs worth at least $100 million were reported to have been stolen.
With attacks on NFTs on the rise, so is the need for insurance and regulation in the cyber security sector. As with all digital assets, NFTs, which can represent both physical and digital assets, including artwork, real estate, music and videos, involve risks such as theft and the creation of counterfeit digital assets and should therefore be insured. In fact, in addition to the theft of NFTs, there has been an increase in copies and counterfeit digital assets that pass as genuine; therefore, insurance coverage is necessary to combat such counterfeit NFTs.
When an NFT is created, it contains public and private keys. The public key provides access to the blockchain ledger, while the private key indicates ownership. If the private key is lost, the insurance will be able to pay for the loss. It is proposed that NFTs can be insured in two different ways: against crime and loss. “Insurance against crime” provides cover against crime such as theft and fraudulent activities, while “insurance against loss” protects against damage caused by disruption of the blockchain.
Although it does not provide any regulation on cyber insurance, a national cyber security strategy and action plan was created for the measures to be taken in cyber security and to be implemented between 2020 and 2023. Again, Article 33/A of the Insurance Law No. 5684 introduced in 2021 stipulates that (i) The Special Risks Management Center has been established to provide coverage for risks for which insurance coverage is not available or for which it is challenging to provide insurance coverage, and (ii) the risk that must be managed within the scope of the center for the management of special risks, determined by the Ministry of Finance and Finance following a proposal from the Insurance and Private Pensions Ordinance and the supervisory body. Considering the purpose of this regulation, it is stated that the Special Risk Management Center can also work with insurance cover for cyber risks. New insurance measures are also being worked on to provide coverage in such areas with coverage gaps.
Although insurance companies and insurtech provide coverage for some digital assets in developed countries as well, these products have only been launched for fungible tokens such as cryptocurrencies, not for NFTs. Most of the comprehensive cryptocurrency policies today are backed by multiple Lloyd’s of London syndicates rather than a single insurer, as insurers are hesitant to insure digital assets due to the difficulty in fully understanding and pricing risk. For example, BitGo, a cryptocurrency wallet, and CoinCover, an insurtech founded in 2018, offer insurance with various security features backed by Lloyd’s of London to secure cryptocurrencies against theft and attacks. Again, solutions outside the insurance industry are offered to protect NFTs. Examples of companies in this area include Nexus Mutual, Cover Protocol, Insured Finance and Tidal Finance. These companies provide protection for smart contracts used to trade NFTs. Most recently, last March, IMA Financial announced an investment in an R&D study on hedging for NFTs. In Japan, NFT platform HARTI and insurance group Mitsui Sumitomo also offer NFT insurance for all digital items displayed on the HARTI application. However, while it is clear that all these developments are necessary steps to eliminate the deficiency in NFT insurance, there is currently no public regulation in this area yet.
Insurers are hesitant to provide insurance coverage for new generation insurance types such as cyber security and NFT insurance due to the uncertainty surrounding the risk of cyber attacks and the diversity of cyber attacks as in NFT. Considering that cyber-attacks are a reality today and their importance will increase, and the need for cyber security insurance will increase in parallel with this, to adapt to the new types of insurance that appear with the development of technology and to keep up with the developments in the world; for cyber security and NFT insurance, it is necessary to eliminate the uncertainty, draw a general framework, determine the scope of said insurance, and introduce public intervention and legal regulation to encourage insurance companies.